2022-07-09 20:31:41 +02:00
---
title: Okta SSO for Kubernetes
slug: /deployment/security/okta/kubernetes
---
# Okta SSO for Kubernetes
Check the Helm information [here ](https://artifacthub.io/packages/search?repo=open-metadata ).
Once the `Client Id` and `Client Secret` are generated, see the snippet below for an example of where to
place the client id value and update the authorizer configurations in the `values.yaml` .
2022-08-24 09:20:42 +05:30
Note: Make sure to add the Ingestion Client ID for the Service application in `botPrincipals` . This can be found in Okta -> Applications -> Applications, Refer to Step 3 for `Creating Service Application` .
2022-07-09 20:31:41 +02:00
```yaml
global:
authorizer:
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
initialAdmins:
- "user1"
- "user2"
botPrincipals:
2022-08-24 09:20:42 +05:30
- ingestion-bot
2022-07-09 20:31:41 +02:00
- "< service_application_client_id > "
principalDomain: "open-metadata.org"
authentication:
2022-07-17 21:08:35 +02:00
provider: "okta"
2022-07-09 20:31:41 +02:00
publicKeys:
2022-07-17 21:08:35 +02:00
- "{ISSUER_URL}/v1/keys"
authority: "{ISSUER_URL}"
clientId: "{CLIENT_ID - SPA APP}"
2022-07-09 20:31:41 +02:00
callbackUrl: "http://localhost:8585/callback"
airflow:
openmetadata:
2022-07-17 21:08:35 +02:00
authProvider: "okta"
okta:
2022-07-09 20:31:41 +02:00
clientId: ""
2022-07-17 21:08:35 +02:00
orgUrl: ""
privateKey:
secretRef: okta-client-private-key-secret
secretKey: okta-client-private-key-secret
email: ""
scopes: [ ]
2022-07-09 20:31:41 +02:00
```
