OpenMetadata/openmetadata-docs/content/v1.8.x-SNAPSHOT/deployment/security/okta/kubernetes.md

---
title: Okta SSO for Kubernetes
slug: /deployment/security/okta/kubernetes
collate: false
---

# Okta SSO for Kubernetes

Check the Helm information [here](https://artifacthub.io/packages/search?repo=open-metadata).

Here is an example for reference, showing where to place the values in the `values.yaml` file after setting up your OKTA account and obtaining the application credentials.

Check the more information about environment variable [here](/deployment/security/configuration-parameters).


{% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %}

```implicit
# Public Flow

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      initialAdmins:  # john.doe from john.doe@example.com
      - "admin"
      - "user1"
      - "user2"
      principalDomain: "open-metadata.org"  # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).  

    authentication:
      clientType: public
      provider: "okta"
      publicKeys:
      - "{your domain}/api/v1/system/config/jwks"     # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
      - "{ISSUER_URL}/v1/keys"
      authority: "{ISSUER_URL}"    
      clientId: "{Client ID}"                 # Update your Client ID
      callbackUrl: "http://localhost:8585/callback"
```

```authcode
# Auth Code Flow 

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"  
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"  
      initialAdmins:  # john.doe from john.doe@example.com
      - "admin"
      - "user1"
      - "user2"
      principalDomain: "open-metadata.org"  # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).  

    authentication:
      clientType: confidential 
      provider: "okta" 
      publicKeys:
      - "{your domain}/api/v1/system/config/jwks"         # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
      - "{ISSUER_URL}/v1/keys"
      authority: "{ISSUER_URL}"  
      clientId: "{Client ID}"                             # Update your Client ID
      callbackUrl: "http://localhost:8585/callback"
      oidcConfiguration:
        oidcType: "okta"  
        clientId:
          secretRef: oidc-secrets
          secretKey: openmetadata-oidc-client-id  
        clientSecret:
          secretRef: oidc-secrets
          secretKey: openmetadata-oidc-client-secret  
        discoveryUri: "http://{ISSUER_URL}/.well-known/openid-configuration"      # Update your Issuer URL
        callbackUrl: http://localhost:8585/callback  
        serverUrl: http://localhost:8585  
```

{% /codeWithLanguageSelector %}


{% partial file="/v1.8/deployment/configure-ingestion.md" /%}


{% inlineCalloutContainer %}
  {% inlineCallout
    color="violet-70"
    icon="MdArrowBack"
    bold="OKTA"
    href="/deployment/security/okta" %}
    Go to okta Configuration
  {% /inlineCallout %}
{% /inlineCalloutContainer %}
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`---`
			`title: Okta SSO for Kubernetes`
			`slug: /deployment/security/okta/kubernetes`
DOCS - OSS deployment is flagged as Collate False (#17722) 2024-09-05 10:30:31 +02:00			`collate: false`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`---`

			`# Okta SSO for Kubernetes`

			`Check the Helm information [here](https://artifacthub.io/packages/search?repo=open-metadata).`

feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			Here is an example for reference, showing where to place the values in the `values.yaml` file after setting up your OKTA account and obtaining the application credentials.
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`Check the more information about environment variable [here](/deployment/security/configuration-parameters).`


			`{% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %}`

			```implicit
			`# Public Flow`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00
			`openmetadata:`
			`config:`
			`authorizer:`
			`className: "org.openmetadata.service.security.DefaultAuthorizer"`
			`containerRequestFilter: "org.openmetadata.service.security.JwtFilter"`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`initialAdmins: # john.doe from john.doe@example.com`
			`- "admin"`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`- "user1"`
			`- "user2"`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`principalDomain: "open-metadata.org" # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).`

docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`authentication:`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`clientType: public`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`provider: "okta"`
			`publicKeys:`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`- "{ISSUER_URL}/v1/keys"`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`authority: "{ISSUER_URL}"`
			`clientId: "{Client ID}" # Update your Client ID`
docs: add 1.5.x-SNAPSHOT (#16694) 2024-06-18 15:53:06 +02:00			`callbackUrl: "http://localhost:8585/callback"`
			```

feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			```authcode
			`# Auth Code Flow`

			`openmetadata:`
			`config:`
			`authorizer:`
			`className: "org.openmetadata.service.security.DefaultAuthorizer"`
			`containerRequestFilter: "org.openmetadata.service.security.JwtFilter"`
			`initialAdmins: # john.doe from john.doe@example.com`
			`- "admin"`
			`- "user1"`
			`- "user2"`
			`principalDomain: "open-metadata.org" # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).`

			`authentication:`
			`clientType: confidential`
			`provider: "okta"`
			`publicKeys:`
			`- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens`
			`- "{ISSUER_URL}/v1/keys"`
			`authority: "{ISSUER_URL}"`
			`clientId: "{Client ID}" # Update your Client ID`
			`callbackUrl: "http://localhost:8585/callback"`
			`oidcConfiguration:`
			`oidcType: "okta"`
			`clientId:`
			`secretRef: oidc-secrets`
			`secretKey: openmetadata-oidc-client-id`
			`clientSecret:`
			`secretRef: oidc-secrets`
			`secretKey: openmetadata-oidc-client-secret`
			`discoveryUri: "http://{ISSUER_URL}/.well-known/openid-configuration" # Update your Issuer URL`
			`callbackUrl: http://localhost:8585/callback`
			`serverUrl: http://localhost:8585`
			```

			`{% /codeWithLanguageSelector %}`


Docs - Prepare 1.7 docs and 1.8 snapshot (#20882) * DOCS - Prepare 1.7 Release and 1.8 SNAPSHOT * DOCS - Prepare 1.7 Release and 1.8 SNAPSHOT 2025-04-18 08:42:17 +02:00			`{% partial file="/v1.8/deployment/configure-ingestion.md" /%}`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30

			`{% inlineCalloutContainer %}`
			`{% inlineCallout`
			`color="violet-70"`
			`icon="MdArrowBack"`
			`bold="OKTA"`
			`href="/deployment/security/okta" %}`
			`Go to okta Configuration`
			`{% /inlineCallout %}`
			`{% /inlineCalloutContainer %}`