Set up Okta as the authorization server - Integration - Ver. 3.7.0.3 - Administration & Configuration - Hexagon

HxGN VDS Install and Setup

VDS Version: 3.13
  1. Register your VDS Web Server as an ‘Authorization Server’.

  2. Click the Security > API tab, and then click Authorization Servers > Add Authorization Server.

  3. In the Add Authorization Server dialog, enter the details as shown in the following example:

    | Setting | Example | Description |
    |---|---|---|
    | Name | VDSWebAPI | The name of the authorization server |
    | Audience | 71FC520E-78DA-4EA7-96C1-164EA13FD5DO | This is a Globally Unique Identifier (GUID) that is generated using the GUID website http://new-guid.com. The GUID must be in upper case. You must keep a record of the generated GUID as it is used as the Smart API Service ID scope for the authorization server. |
    | Description | VDSWebAPI | The description of the authorization server |

  4. Click Save.

  5. Click the Scopes tab, and then click Add Scope.

  6. In the Add Scope dialog, set the service ID scope as shown in the following example:

    | Name | Description | Set as default scope | Include in public metadata |
    |---|---|---|---|
    | 71FC520E-78DA-4EA7-96C1-164EA13FD5DO | VDS Web API ID Scope | No | Yes |

    The name must be the generated GUID for the authorization server.

  7. Click Create.

  8. In the Add Scope dialog, set the ingr.api scope as shown in the following example:

    | Name | Description | Set as default scope | Include in public metadata |
    |---|---|---|---|
    | ingr.api | ingr.api | No | Yes |

  9. Click Create. The two new scopes display in the Scopes tab.

  10. Select the Claims tab and click Add Claim.

  11. In the Add Claim dialog, set the claims as shown in the following example:

    | Name | Value | Scopes | Type | Included |
    |---|---|---|---|---|
    | sub | (appuser !=null) ? appuser.userName : app.clientid | Any | access | Always |
    | ingr.session_id | String.replace(String.replace(String.replace(Time.now(), ":", ""), "-", ""), ".", "") | Any | access | Always |
    | name | String.join("", user.firstName, user.lastName) | Any | access | Always |

  12. Click Create.

    The sub claim on the generated token contains the user name you must use in your client application. The user name in your client application must match the name of the Okta user. When Okta employs users configured by an external identity provider, such as Active Directory, the users must be created in your client application before you can log on. Alternatively, you can create a default template user to avoid setting up each user.

  13. Click the Access Policies tab, and then click Add New Access Policy.

  14. In the Add Policy dialog, set the policy as shown in the following example:

    | Name | Description | Assign to |
    |---|---|---|
    | VDS Web API Access Policy | Access policy for GDS Web API | Your client application Web Client |

    Make sure the client application Web Client that is assigned to the policy is set up and working before you complete this configuration.

  15. Click Create Policy.

  16. Click Add Rule. Rules allow for the configuration of the token lifetime and expiration.

  17. In the Add Rule dialog, set the rules as shown in the following example:

    | Option | Detail |
    |---|---|
    | Rule Name | VDS Web API Token Rule |
    | IF Grant type is Client acting on behalf of itself | Client Credentials |
    | IF Grant type is Client acting on behalf of a user | Authorization Code, Implicit, Resource Owner Password |
    | AND User is | Any user assigned the application |
    | AND Scopes requested | Any scopes |
    | THEN Access token lifetime is | 1 Hour |
    | AND Refresh token lifetime is | Unlimited |
    | BUT will expire if not used every | 7 Days |

  18. Click Create Rule.

  19. Record the Audience and the Issuer of the registered web API. You must have this information for a later step when editing the VDS Configuration Utility properties in Configure Security Settings for the VDS Web Server.

  20. Make sure that all client application APIs, all VDS APIs, and all access policies are active. Inactive access policies can result in errors when you try to view the 3D model.
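
A post-configuration check for the procedure above, as an added example that is not part of the Hexagon documentation: it decodes an access token's payload and compares the claims with the Audience, Issuer, scopes, claims and 1 Hour lifetime set in steps 3 to 17. It reads the payload without verifying the signature, so it checks configuration only and is not token validation. The GUID, issuer URL and token are constructed sample values, the function names are hypothetical, and it assumes the client requested both scopes and that granted scopes appear in the `scp` claim.

```python
import base64
import json
import re

# Step 3: the Audience must be an upper-case GUID (8-4-4-4-12 hex digits).
GUID_RE = re.compile(r"^[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}$")

def decode_payload(jwt):
    """Return a compact JWT's claims WITHOUT verifying the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(segment))

def check_claims(claims, audience, issuer):
    """List mismatches between decoded claims and the configured values."""
    problems = []
    if not GUID_RE.match(audience):
        problems.append("Audience is not an upper-case GUID")
    if claims.get("aud") != audience:
        problems.append("aud differs from the recorded Audience")
    if claims.get("iss") != issuer:
        problems.append("iss differs from the recorded Issuer")
    for scope in (audience, "ingr.api"):  # steps 6 and 8, assumed requested
        if scope not in claims.get("scp", []):
            problems.append("scope missing: " + scope)
    if not claims.get("sub"):  # step 11: user name or client ID
        problems.append("sub claim missing")
    sid = claims.get("ingr.session_id", "")
    if not sid or any(ch in sid for ch in ":-."):  # step 11 strips these
        problems.append("ingr.session_id missing or not stripped")
    if claims.get("exp", 0) - claims.get("iat", 0) > 3600:  # step 17: 1 Hour
        problems.append("access token lifetime exceeds 1 hour")
    return problems

def b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample values, not taken from a real tenant.
AUDIENCE = "0A1B2C3D-4E5F-4A6B-8C7D-0123456789AB"
ISSUER = "https://example.okta.com/oauth2/ausEXAMPLE"
SAMPLE_CLAIMS = {"aud": AUDIENCE, "iss": ISSUER, "sub": "jdoe", "name": "JaneDoe",
                 "scp": [AUDIENCE, "ingr.api"], "iat": 1700000000,
                 "exp": 1700003600, "ingr.session_id": "20240115T103000000Z"}
SAMPLE_TOKEN = ".".join([b64({"alg": "RS256"}), b64(SAMPLE_CLAIMS), "sig"])

if __name__ == "__main__":
    print(check_claims(decode_payload(SAMPLE_TOKEN), AUDIENCE, ISSUER) or "OK")
```

An empty result means the decoded claims match the recorded Audience and Issuer; the VDS Web Server must still verify the token signature against the issuer's keys.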