Before Security Center can use Okta to authenticate users with OpenID Connect, setup is required in Config Tool and the Okta Admin Console.
This example shows how to set up third-party authentication with Okta using the OpenID Connect (OIDC) UserInfo endpoint. The procedure is divided into three sections:
- Locating the properties in the Okta Admin Console
- Understanding the significance of each property
- Validating the properties before you can proceed
- Accessing corresponding help topics
To implement third-party authentication, you must have administrator rights in Security Center and Okta.
1 - Preparing Security Center
- Open Config Tool and connect to the Security Center main server as an administrator.
- From the Config Tool homepage, open the System task and click the Roles view.
- Click Add an entity > Authentication Service.
The Creating a role: Authentication Service window opens.
- In the Specific info section, select the identity provider and the authentication protocol and click Next.
  - Provider: Okta
  - Protocol: OpenID Connect
- In the Basic information section, enter a name and optional description for the new Authentication Service role.
- If there are partitions in your system, select the partition of which this role is a member and click Create.
Partitions determine which Security Center users have access to this entity. Only users who have been granted access to the partition can see this role.
- From the App registration page, copy the redirect and logout URIs.
For more information, see About role endpoints configuration.
- Click .
  NOTE: The Suspend button allows you to save and exit the configuration wizard temporarily. You can suspend the configuration at any time during the process.
2 - Preparing Okta
- An Okta administrator account
- At least one user provisioned
- At least one user group that contains the users you want to grant access to Security Center
- In the Okta Admin Console, select Create App Integration.
- In the Create a new app integration wizard, select OIDC - OpenID Connect, Web Application and click Next.
- On the New Web App Integration page, configure the following settings and click Save:
  - App integration name: Enter the name of the App integration.
  - Sign-in redirect URIs: Copy from the redirect URIs in Security Center.
  - Sign-out redirect URIs: Copy from the logout URIs in Security Center.
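OpenID Connect requires the redirect URI sent in a sign-in request to match a registered value by exact string comparison, so a copy error between Security Center and Okta breaks sign-in, and a loose entry on the Okta side widens where responses can be sent. The following check is an added example, not code from Genetec or Okta; it compares the two lists and lints the Okta entries, and all hostnames and paths in it are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample values; the hostnames and paths are placeholders.
SC_REDIRECT = ["https://sc1.example.test/placeholder-callback",
               "https://sc2.example.test/placeholder-callback"]
OKTA_REDIRECT = ["https://sc1.example.test/placeholder-callback/",
                 "http://sc3.example.test/*"]

def _loose(uri):
    """Relaxed form used only to explain near-misses, never to accept them."""
    p = urlsplit(uri.strip())
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path.rstrip('/')}"

def lint_uri(uri):
    """Return reasons a registered redirect or logout URI deserves review."""
    p = urlsplit(uri)
    issues = []
    if p.scheme != "https":
        issues.append("not https")
    if p.fragment:
        issues.append("contains a fragment")
    if "*" in uri:
        issues.append("contains a wildcard")
    if uri != uri.strip():
        issues.append("surrounding whitespace")
    return issues

def compare(from_security_center, in_okta):
    """Compare both lists by exact string equality and lint the Okta side."""
    report = {"missing": [], "near_miss": [], "extra": [], "lint": {}}
    loose = {_loose(u): u for u in in_okta}
    for uri in from_security_center:
        if uri in in_okta:
            continue
        near = loose.get(_loose(uri))
        if near is not None:
            report["near_miss"].append((uri, near))
        else:
            report["missing"].append(uri)
    report["extra"] = [u for u in in_okta if u not in from_security_center]
    report["lint"] = {u: lint_uri(u) for u in in_okta if lint_uri(u)}
    return report

if __name__ == "__main__":
    for key, value in compare(SC_REDIRECT, OKTA_REDIRECT).items():
        print(f"{key}: {value}")
```

Run it once for the sign-in redirect URIs and once for the sign-out redirect URIs; an empty report means the Okta entries are exactly the ones Security Center generated.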