/
Okta

Okta

For any new Okta instance in Zilla, we recommend using Client Credential flow mentioned in this document below.

For Authorization Grant Flow, please visit this page.

Configure app integration in Okta

For supporting Client Credential-based authentication we need to create service account in okta.
Please follow the below steps to create service account.

  1. Login to okta with admin credentials.

  2. On left menu, click on Applications → Navigate to Applications in sub-menu -> click on Create App Integration

image-20240415-082151.png

 

  1. Select API Services, then click on Next.

image (17)-20240313-071936.png

  1. Give name for the App integration name and click on Save.

image-20240415-082602.png

  1. In General tab, click on Edit for Client Credentials section.

image-20240313-093005.png

  1. Select Public key / Private key for Client authentication field.

image-20240313-093102.png

  1. Click on the Add key inside the PUBLIC KEYS section.

  2. To Configure the public key in Okta service application

Option 1: To use Zilla-generated public key (Not recommended)

Paste a public key provided by Zilla and click on Done. Then click on Save to save the changes in Client Credentials section.

image (20)-20240313-091954.png

Option 2: To use Okta-generated public key (This is the recommended option)

Click on Generate new key .

In “Private key - Copy this!“ section, click on PEM, click on “Copy to clipboard” to copy the private key in PEM format, then click on Done. (This will be visible only once, so store it in a secure place for further use in Zilla configurations). Then click on Save to save the changes in Client Credentials section.

image-20240412-044613.png

This pop-up will appear, click on Save.

image-20240415-083906.png

 

  1. In General tab, for General Settings section, click on Edit.

  2. For Proof of possession field, Uncheck the checkbox of “Require Demonstrating Proof of Possession (DPoP) header in the token requests” and click on Save.

  3. Go to Okta API Scopes tab and grant below mentioned scopes required for API integration, by clicking on “Grant” in Actions column.
    okta.apps.read
    okta.factors.read
    okta.groups.read
    okta.policies.read
    okta.roles.read
    okta.users.read

image (21)-20240313-092536.png

Then click on “Granted” in left menu to check the Granted scopes.

image-20240415-084620.png

Note: manage scopes are only required when ‘enable account modifications’ is set.

 

  1. Go to Admin roles tab and Click on Edit assignments, click on Roles dropdown and search and select “Super Administrator”, then click on Save Changes. Reference to this Okta’s documentation discussing how service app constrained with permitted scopes even with admin roles.

image-20240415-084911.png

 

image (22)-20240313-092643.png

  1. If Option 2 is chosen for configuring Public Key in Okta service application in Step 8. above, then Copy Client Id, Client Domain and Private key for configuring & syncing Okta in Zilla.

  2. If Option 1 is chosen for configuring Public Key in Okta service application in Step 8. above, then Copy Client Id, Client Domain for configuring & syncing Okta in Zilla.

Setup Okta Application API Integration on Zilla

  1. Visit the Zilla application and login using your admin credentials and then click on Add Application in the top right.

image-20240215-143704.png

  1. A window with a search bar appears, type in okta in the search bar and hit enter. Okta app entry will appear at the top of the list, click Add to Applications button to the right.

image-20240412-061256.png

  1. Fill in the form with appropriate details and then click Add to Applications.

image-20240412-061345.png

  1. The Okta app will be added to the Applications tab. Click on Okta in Application column.

image-20240412-061457.png

  1. A detailed view of Okta application appears. Click Sync now in top right corner.

image-20240412-061553.png

  1. Enable API Integration. Enter the Okta Domain, Okta Client Id into the respective text fields.

  2. In Use client credential based authentication (Yes/No) field, enter “Yes” as value (For client credential flow)

  3. Click on Sync Now/Next without adding any private key in the case of Option 1: Zilla-generated public key

  4. Add the Private key to the field named Private key of the service account (Required for client credential based authentication) copied in the above steps and click Sync Now/Next in the case of Option 2: Okta-generated public key

  5. If the Sync roles assigned to applications? setting is set to Yes, Zilla will be able to identify applications with specific roles (in addition to scopes) and display them as accounts in Accounts tab in Okta application instance with the assigned roles and as resources in Resources tab.
    If set to No, these applications will be shown as resources in Resources tab in Zilla for Okta application instance.

image-20240704-093406.png

  1. Click Next again and the sync will begin. Then click Done.

image-20240412-062736.png

  1. Successful sync will pop up with Sync Summary. Click Close.

image-20240415-125113.png