OpenMetadata/deploy/deploy-on-kubernetes/enable-security/okta-sso/okta-config.md

# Copy of Configure OpenMetadata Server

## Update conf/openmetadata-security.yaml

* Once the **Client Id**, and **Issuer URL** are generated, add those details in `openmetadata-security.yaml` file in the respective fields.

```yaml
authenticationConfiguration:
  provider: "okta"
  publicKey: "{ISSUER_URL}/v1/keys"
  authority: "{ISSUER_URL}"
  clientId: "{CLIENT_ID - SPA APP}"
  callbackUrl: "http://localhost:8585/callback"
```

* Update `authorizerConfiguration` to add `adminPrincipals`

```yaml
authorizerConfiguration:
  className: "org.openmetadata.catalog.security.DefaultAuthorizer"
  containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
  adminPrincipals:
    - "<username>"
  botPrincipals:
    - "ingestion-bot"
    - "<Ingestion Client ID>"
  principalDomain: "open-metadata.org"
```
Docs (#3276) * GitBook: [#50] BigQuery, Glue, MSSQL, Postgres, Redshift, Snowflake - V2 * GitBook: [#62] No subject * GitBook: [#63] No subject * GitBook: [#64] Beta * GitBook: [#65] Make Harsha's requested changes to connectors section organization * GitBook: [#66] Kerberos authentication with Hive * GitBook: [#67] Fix procedure overview links * GitBook: [#68] Fix procedure overview links * GitBook: [#69] correct step reference * GitBook: [#70] Add Kerberos connection troubleshooting * updated json schema and schema docs (#3219) * updated json schema and schema docs * added glossay to readme * GitBook: [#72] Metrics & Tests Co-authored-by: Parth Panchal <parth.panchal@deuexsolutions.com> Co-authored-by: Shilpa V <vernekar.shilpa@gmail.com> Co-authored-by: Shannon Bradshaw <shannon.bradshaw@arrikto.com> Co-authored-by: parthp2107 <83201188+parthp2107@users.noreply.github.com> Co-authored-by: pmbrull <peremiquelbrull@gmail.com> 2022-03-08 08:13:37 -08:00			`# Copy of Configure OpenMetadata Server`

			`## Update conf/openmetadata-security.yaml`

			* Once the Client Id, and Issuer URL are generated, add those details in `openmetadata-security.yaml` file in the respective fields.

			```yaml
			`authenticationConfiguration:`
			`provider: "okta"`
			`publicKey: "{ISSUER_URL}/v1/keys"`
			`authority: "{ISSUER_URL}"`
			`clientId: "{CLIENT_ID - SPA APP}"`
			`callbackUrl: "http://localhost:8585/callback"`
			```

			* Update `authorizerConfiguration` to add `adminPrincipals`

			```yaml
			`authorizerConfiguration:`
			`className: "org.openmetadata.catalog.security.DefaultAuthorizer"`
			`containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"`
			`adminPrincipals:`
			`- "<username>"`
			`botPrincipals:`
			`- "ingestion-bot"`
			`- "<Ingestion Client ID>"`
			`principalDomain: "open-metadata.org"`
			```