OpenMetadata/deploy/deploy-on-kubernetes/enable-security/okta-sso/okta-config.md

# Configure OpenMetadata Helm

## Update Helm Values

Once the **Client Id**, and **Issuer URL** are generated, add those details in `openmetadata-security.yaml` file in the respective fields.

```yaml
authenticationConfiguration:
  provider: "okta"
  publicKeyUrls:
    - "{ISSUER_URL}/v1/keys"
  authority: "{ISSUER_URL}"
  clientId: "{CLIENT_ID - SPA APP}"
  callbackUrl: "http://localhost:8585/callback"
```

* **ISSUER\_URL** - This can be found in **Security -> API -> Authorization Servers**.

![](<../../../../docs/.gitbook/assets/image (31) (1).png>)

* **CLIENT\_ID - SPA APP** - This is the Client\_ID for Single Page Applications. On configuring the app, the Client\_ID can be found in the **General** section, under **Client Credentials >> Client ID**

![](<../../../../docs/.gitbook/assets/image (60).png>)

Update `authorizerConfiguration` to add `adminPrincipals`

* For `adminPrincipals`, add the **Username**.
* For `botPrincipals`, add the **Ingestion Client ID** for the Service application. This can be found in **Okta -> Applications -> Applications**.

![](<../../../../docs/.gitbook/assets/image (35).png>)

```yaml
global:
  authorizer:
    className: "org.openmetadata.catalog.security.DefaultAuthorizer"
    containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
    initialAdmin: "<username>"
    botPrincipal: "<Ingestion Client ID>"
    principalDomain: "open-metadata.org"
  authentication:
    provider: "okta"
    publicKey: "{ISSUER_URL}/v1/keys"
    authority: "{ISSUER_URL}"
    clientId: "{CLIENT_ID - SPA APP}"
    callbackUrl: "http://localhost:8585/callback"
authenticationConfiguration:
  provider: "okta"
  publicKey: "{ISSUER_URL}/v1/keys"
  authority: "{ISSUER_URL}"
  clientId: "{CLIENT_ID - SPA APP}"
  callbackUrl: "http://localhost:8585/callback"
```

### Upgrade Helm Release

Head towards [upgrade-openmetadata-on-kubernetes.md](../../../../upgrade/upgrade-on-kubernetes/upgrade-openmetadata-on-kubernetes.md "mention") to upgrade your OpenMetadata Helm Release.
GitBook: [#174] Update Kubernetes Docs 2022-03-30 21:08:44 +00:00			`# Configure OpenMetadata Helm`
GitBook: [#80] Format Connectors 2022-03-10 08:59:13 +00:00
GitBook: [#174] Update Kubernetes Docs 2022-03-30 21:08:44 +00:00			`## Update Helm Values`
GitBook: [#80] Format Connectors 2022-03-10 08:59:13 +00:00
GitBook: [#95] Okta Changes 2022-03-15 16:03:07 +00:00			Once the Client Id, and Issuer URL are generated, add those details in `openmetadata-security.yaml` file in the respective fields.
GitBook: [#80] Format Connectors 2022-03-10 08:59:13 +00:00
			```yaml
			`authenticationConfiguration:`
			`provider: "okta"`
Add config for using multiple JWKs providers (#3738) 2022-03-30 21:52:53 +01:00			`publicKeyUrls:`
			`- "{ISSUER_URL}/v1/keys"`
GitBook: [#80] Format Connectors 2022-03-10 08:59:13 +00:00			`authority: "{ISSUER_URL}"`
			`clientId: "{CLIENT_ID - SPA APP}"`
			`callbackUrl: "http://localhost:8585/callback"`
			```

GitBook: [#95] Okta Changes 2022-03-15 16:03:07 +00:00			`* ISSUER\_URL - This can be found in Security -> API -> Authorization Servers.`

GitBook: [#129] New Connectors 2022-03-24 10:09:23 +00:00			`![](<../../../../docs/.gitbook/assets/image (31) (1).png>)`
GitBook: [#95] Okta Changes 2022-03-15 16:03:07 +00:00
			`* CLIENT\_ID - SPA APP - This is the Client\_ID for Single Page Applications. On configuring the app, the Client\_ID can be found in the General section, under Client Credentials >> Client ID`

			`![](<../../../../docs/.gitbook/assets/image (60).png>)`

			Update `authorizerConfiguration` to add `adminPrincipals`

			* For `adminPrincipals`, add the Username.
			* For `botPrincipals`, add the Ingestion Client ID for the Service application. This can be found in Okta -> Applications -> Applications.

			`![](<../../../../docs/.gitbook/assets/image (35).png>)`
GitBook: [#80] Format Connectors 2022-03-10 08:59:13 +00:00
			```yaml
GitBook: [#174] Update Kubernetes Docs 2022-03-30 21:08:44 +00:00			`global:`
			`authorizer:`
			`className: "org.openmetadata.catalog.security.DefaultAuthorizer"`
			`containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"`
			`initialAdmin: "<username>"`
			`botPrincipal: "<Ingestion Client ID>"`
			`principalDomain: "open-metadata.org"`
			`authentication:`
			`provider: "okta"`
			`publicKey: "{ISSUER_URL}/v1/keys"`
			`authority: "{ISSUER_URL}"`
			`clientId: "{CLIENT_ID - SPA APP}"`
			`callbackUrl: "http://localhost:8585/callback"`
			`authenticationConfiguration:`
			`provider: "okta"`
			`publicKey: "{ISSUER_URL}/v1/keys"`
			`authority: "{ISSUER_URL}"`
			`clientId: "{CLIENT_ID - SPA APP}"`
			`callbackUrl: "http://localhost:8585/callback"`
GitBook: [#80] Format Connectors 2022-03-10 08:59:13 +00:00			```
GitBook: [#174] Update Kubernetes Docs 2022-03-30 21:08:44 +00:00
			`### Upgrade Helm Release`

			`Head towards [upgrade-openmetadata-on-kubernetes.md](../../../../upgrade/upgrade-on-kubernetes/upgrade-openmetadata-on-kubernetes.md "mention") to upgrade your OpenMetadata Helm Release.`