How to integrate Security Center with Okta using OpenID Connect - Security Center 5.9

Security Center Administrator Guide 5.9

Applies to: Security Center 5.9
Last updated: 2022-09-12
Content type: Guides > Administrator guides
Language: English (United States)
Product: Security Center
Version: 5.9

Before Security Center can use Okta to authenticate users, setup is required in Config Tool and the Okta Developer Console.

This example shows the steps required to set up third-party authentication with Okta using OpenID Connect (OIDC). The procedure is divided into the following sections:

  1. Preparing Security Center
  2. Preparing Okta
  3. Integrating Security Center with Okta

To implement third-party authentication, you must have administrator rights in Security Center and Okta.

IMPORTANT: This sample integration might differ from your requirements, and the Okta Developer Console is subject to change. When setting up Okta, ensure that all steps are adapted to your specific situation.

1 - Preparing Security Center

  1. Open Config Tool and connect to the Security Center main server as an administrator.
  2. In Config Tool, open System > Roles and click Add an entity > Authentication Service.

  3. In the Creating a role: Authentication Service window, select OpenID and click Next.

  4. Enter a name and optional description for the new Authentication Service role and click Next.

    NOTE: If your system has multiple partitions, you can also add the new role to a specific partition here.
  5. On the Summary page, ensure all the information is correct, click Create, and click Close.
  6. In the newly created role, click the Network endpoint tab.
  7. On the Network endpoint page, copy the OIDC redirect and logout URIs. These are needed to configure Okta.
    NOTE: You might need to restart the System task to see the endpoint URIs.

2 - Preparing Okta

Before completing these steps in the Okta Developer Console, you must meet all of the following prerequisites:
  • Have an Okta administrator account.
  • Have provisioned at least one user.
  • Have provisioned at least one user group that contains the users you want to grant access to Security Center.

  1. In the Okta Developer Console, select Applications and then click Add Application.

  2. In the Create New Application wizard, select Web, and click Next.

  3. Set the following Application Settings and click Done:
    • Name
    • Login redirect URIs copied from Security Center
    • Logout redirect URIs copied from Security Center
    • Group assignments
    • Grant type allowed: select Client Credentials

  4. Click Applications, then the name of your Security Center application, and then the General tab.
  5. Under Client Credentials, copy the default Client ID and Client secret. These are needed to configure Security Center. If required, you can click Edit to change these values.

  6. Click the Okta API Scopes tab for your Security Center application and grant the okta.groups.read and okta.users.read operations.

  7. Click API > Authorization Servers and copy the Issuer URI for the default server. This URI is needed to configure Security Center.
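
A pre-flight check on the URIs collected in sections 1 and 2, as an added example that is not part of the original guide. The host names, URI paths, and discovery metadata are constructed samples, and the HTTPS-only rule is an assumption of this check.

```python
import json
from urllib.parse import urlsplit

# Constructed sample values standing in for what the steps above have you copy.
COLLECTED = {
    "issuer": "https://dev-000000.okta.example/oauth2/default",
    "redirect_uri": "https://sc-main.example/oidc-redirect-placeholder",
    "logout_uri": "https://sc-main.example/oidc-logout-placeholder",
}
# Constructed discovery metadata, trimmed to the fields checked below.
DISCOVERY_JSON = """{
 "issuer": "https://dev-000000.okta.example/oauth2/default",
 "authorization_endpoint": "https://dev-000000.okta.example/oauth2/default/v1/authorize",
 "token_endpoint": "https://dev-000000.okta.example/oauth2/default/v1/token",
 "jwks_uri": "https://dev-000000.okta.example/oauth2/default/v1/keys"
}"""

def discovery_url(issuer):
    """OIDC Discovery: metadata is at <issuer>/.well-known/openid-configuration."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_uri(name, uri):
    """Catch copy-paste damage and non-HTTPS or fragment-bearing URIs."""
    problems = []
    if uri != uri.strip():
        problems.append(f"{name}: leading or trailing whitespace")
    parts = urlsplit(uri.strip())
    if parts.scheme != "https" or not parts.netloc:
        problems.append(f"{name}: not an absolute https URI")  # assumption: HTTPS only
    if parts.fragment:
        problems.append(f"{name}: contains a fragment")
    return problems

def check_discovery(issuer, doc):
    """The metadata's issuer must equal the configured Issuer URI exactly."""
    problems = []
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: configured {issuer!r}, metadata {doc.get('issuer')!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(f"metadata {key}: missing or not https")
    return problems

def preflight(collected, discovery_json):
    """Run every check and return the list of problems (empty means clean)."""
    problems = []
    for name, uri in collected.items():
        problems += check_uri(name, uri)
    return problems + check_discovery(collected["issuer"], json.loads(discovery_json))

if __name__ == "__main__":
    print(discovery_url(COLLECTED["issuer"]))
    print(preflight(COLLECTED, DISCOVERY_JSON) or "all checks passed")
```

In practice, replace the constructed values with the URIs you copied and the JSON returned from the discovery URL the script prints.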