Single Sign-On with Okta
Create an OIDC application
Note: If you have a standard Okta account you must first navigate to your Okta Org's admin portal (step 1). Developer accounts can skip to Step 2.
- Go to your org and click `Admin` in the top right corner to access the admin portal
- Select `Applications`
- Select `Add Application`
- Choose `Web` and `OpenID Connect`. Then click `Create`.
- Give it a name, enter the URL of your Ambassador Edge Stack load balancer in `Base URIs` and the callback URL `{AMBASSADOR_URL}/.ambassador/oauth2/redirection-endpoint` as the `Login redirect URIs`
Copy the `Client ID` and `Client Secret` and use them to fill in the `ClientID` and `Secret` of your Okta OAuth `Filter`.

Get the `audience` configuration:

- Select `API` and `Authorization Servers`
- You can use the default `Authorization Server` or create your own.
- If you are using the default, the `audience` of your Okta OAuth `Filter` is `api://default`
- The value of the `authorizationURL` is the `Issuer URI` of the `Authorization Server`
Configure Filter and FilterPolicy
Configure your OAuth `Filter` and `FilterPolicy` with the following:
Note: Scope values `openid` and `profile` are required at a minimum. Other scope values can be added to the `Authorization Server`.