2023-12-13 14:03:08 +01:00
---
title: Okta SSO for Bare Metal
slug: /deployment/security/okta/bare-metal
2024-09-05 10:30:31 +02:00
collate: false
2023-12-13 14:03:08 +01:00
---
# Okta SSO for Bare Metal
## Update conf/openmetadata.yaml
2025-01-03 18:10:07 +05:30
In `openmetadata.yaml` file and use the following example as a reference. Replace the placeholder values with the details generated during your Okta account and application credentials setup.
2023-12-13 14:03:08 +01:00
2025-01-03 18:10:07 +05:30
Check the more information about environment variable [here ](/deployment/security/configuration-parameters ).
{% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %}
```implicit
# Implicit Flow
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
adminPrincipals: # Your `name` from name@domain .com
- "admin"
- "user1"
- "user2"
principalDomain: "open-metadata.org" # Update with your Domain,The primary domain for the organization (your domain.com from name@domain .com).
2023-12-13 14:03:08 +01:00
authenticationConfiguration:
2025-01-03 18:10:07 +05:30
provider: "okta"
2023-12-13 14:03:08 +01:00
publicKeyUrls:
- "{ISSUER_URL}/v1/keys"
2024-05-31 22:11:14 +05:30
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
2023-12-13 14:03:08 +01:00
authority: "{ISSUER_URL}"
2025-01-03 18:10:07 +05:30
clientId: "{Client ID}"
2023-12-13 14:03:08 +01:00
callbackUrl: "http://localhost:8585/callback"
2025-01-03 18:10:07 +05:30
clientType: "public"
2023-12-13 14:03:08 +01:00
```
2025-01-03 18:10:07 +05:30
```authcode
# Auth Code Flow
2023-12-13 14:03:08 +01:00
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
2025-01-03 18:10:07 +05:30
adminPrincipals: # Your `name` from name@domain .com
- "admin"
2023-12-13 14:03:08 +01:00
- "user1"
- "user2"
2025-01-03 18:10:07 +05:30
principalDomain: "open-metadata.org" # Update with your Domain,The primary domain for the organization (your domain.com from name@domain .com).
authenticationConfiguration:
provider: "okta"
publicKeyUrls:
- "{ISSUER_URL}/v1/keys"
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
authority: "{ISSUER_URL}" # Update Okta Issuer URL
clientId: "{Client ID}" # Update Okta Client ID
callbackUrl: "http://localhost:8585/callback"
clientType: "confidential"
oidcConfiguration:
id: "{Client ID}" # Update you Okta Client ID
type: "okta"
secret: "{Client Secret}" # Update with Okta Client Secret
discoveryUri: "http://{ISSUER_URL}/.well-known/openid-configuration" # Update your Issuer URL
callbackUrl: http://localhost:8585/callback"
serverUrl: "http://localhost:8585"
2023-12-13 14:03:08 +01:00
```
2025-01-03 18:10:07 +05:30
{% /codeWithLanguageSelector %}
2023-12-13 14:03:08 +01:00
2025-04-18 08:42:17 +02:00
{% partial file="/v1.8/deployment/configure-ingestion.md" /%}
2023-12-13 14:03:08 +01:00
2025-01-03 18:10:07 +05:30
{% inlineCalloutContainer %}
{% inlineCallout
color="violet-70"
icon="MdArrowBack"
bold="OKTA"
href="/deployment/security/okta" %}
Go to okta Configuration
{% /inlineCallout %}
{% /inlineCalloutContainer %}
