Before you start configuring, it is assumed that an OKTA user account has been created and that the user is logged in to OKTA as an administrator.
The steps for configuring the OKTA Authorization Server are listed below:
- Create the OKTA Application (client).
- Create a user in OKTA.
- Create an OKTA Authorization Server (AS) and assign the OKTA Application to it.
- Edit the SRD API Web.config and set the Audience and Issuer URI gathered from OKTA.
Create an OKTA Application
OKTA refers to clients as applications. You must grant the application access to an Authorization Server.
- Click the Applications tab and select Applications.
- Click Add Application.
- Click Create New App.
- Select OpenID Connect as the Sign on method for the Native app.
- Click Create.
- Enter the Application label and add the Login and Logout URIs, including any localhost redirects for dev/test.
- Select the Authorization Code check box.
- Select the Refresh Token check box.
- Click Add URI and type the Login redirect URI.
  The redirect URI must be in the following format: https://<application_server_name>.<domain_name>/<SRD_Service_Virtual_directory>/TestHTMLAccess.htm
- Click Save. The Client ID will be auto-populated.
- Make a note of the Client ID.
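The Login redirect URI is the value OKTA will send authorization codes to, so a typo or an over-broad entry (wrong scheme, wildcard host, leftover dev redirect) is worth catching before the application is saved. The following checker is an added example, not part of the original guide or of OKTA's or the SRD product's own code; it encodes only the format stated above (https, a host of the form <application_server_name>.<domain_name>, and a path of /<SRD_Service_Virtual_directory>/TestHTMLAccess.htm) and treats localhost redirects as acceptable for dev/test only when explicitly allowed. The host names and paths in the test values are constructed samples.

```python
from urllib.parse import urlparse

# Required production format from the guide:
# https://<application_server_name>.<domain_name>/<SRD_Service_Virtual_directory>/TestHTMLAccess.htm
REDIRECT_PAGE = "TestHTMLAccess.htm"
# Hosts treated as dev/test-only redirects (assumption: these are the local hosts in use)
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def check_login_redirect_uri(uri, allow_local=False):
    """Return (ok, reason) for a candidate Login redirect URI.

    ok is True only when the URI matches the format required by the guide.
    allow_local=True accepts localhost redirects, which should only be
    present on dev/test applications.
    """
    parts = urlparse(uri)
    host = parts.hostname or ""
    if "*" in host:
        return False, "wildcard hosts are not acceptable in a redirect URI"
    if host in LOCAL_HOSTS:
        if not allow_local:
            return False, "localhost redirect is only acceptable for dev/test"
    else:
        if parts.scheme != "https":
            return False, "scheme must be https"
        if "." not in host:
            return False, "host must be <application_server_name>.<domain_name>"
    if parts.query or parts.fragment:
        return False, "query string or fragment is not allowed in the redirect URI"
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2 or segments[1] != REDIRECT_PAGE:
        return False, "path must be /<SRD_Service_Virtual_directory>/TestHTMLAccess.htm"
    return True, "ok"


def check_all(uris, allow_local=False):
    """Check a list of redirect URIs and return those that fail with their reasons."""
    failures = {}
    for uri in uris:
        ok, reason = check_login_redirect_uri(uri, allow_local=allow_local)
        if not ok:
            failures[uri] = reason
    return failures


if __name__ == "__main__":
    # Constructed sample entries, as they might appear in an application's URI list
    sample = [
        "https://srdapp.example.com/SRDService/TestHTMLAccess.htm",
        "http://srdapp.example.com/SRDService/TestHTMLAccess.htm",
        "http://localhost:8080/SRDService/TestHTMLAccess.htm",
    ]
    for uri, reason in check_all(sample).items():
        print(f"REJECT {uri}: {reason}")
```

Run it against the application's redirect list before clicking Save, once with allow_local=False for the production application; any localhost entry it flags there should be moved to a separate dev/test application.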
Add New Users to OKTA
- Click the Dashboard tab and select Dashboard.
- Click the Add people hyperlink.
- In the People screen, click Add Person.
  You can also navigate to the People screen from the Directory tab.
- Enter the required data to create a new user profile.
- Click Save.
  The Username can be the same as the Primary email.
Assign the application to a user
- Open the OKTA application.
- Click the Assignments tab.
- Click Assign and select Assign to People.
- Search for the appropriate group/people to assign.
- Click Assign.