OpenMetadata/openmetadata-docs/content/v1.6.x/deployment/security/okta/docker.md

---
title: Okta SSO for Docker
slug: /deployment/security/okta/docker
collate: false
---

# Okta SSO for Docker

To enable security for the Docker deployment, follow the next steps:

## 1. Create an .env file

Create an `openmetadata_okta.env` file and use the following example as a reference. Replace the placeholder values with the details generated during your Okta account and application credentials setup.

Check the more information about environment variable [here](/deployment/security/configuration-parameters).


{% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %}

```implicit
# Implicit Flow
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin]                 # john.doe from john.doe@example.com
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org       # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).
AUTHENTICATION_PROVIDER=okta
AUTHENTICATION_PUBLIC_KEYS={ISSUER_URL}/v1/keys # Update with your Issuer URL
AUTHENTICATION_AUTHORITY={ISSUER_URL}           # Update with your Issuer URL
AUTHENTICATION_CLIENT_ID={CLIENT_ID}            # Update with your Client ID
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
AUTHENTICATION_CLIENT_TYPE= public
```

```authcode
# Auth Code Flow 
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin]                 # john.doe from john.doe@example.com
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org       # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).
AUTHENTICATION_PROVIDER=okta
AUTHENTICATION_PUBLIC_KEYS=[{ISSUER_URL}/v1/keys,{your domain}/api/v1/system/config/jwks]   # Update with your Issuer URL and  Domain also Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_AUTHORITY={ISSUER_URL}           # Update with your Issuer URL
AUTHENTICATION_CLIENT_ID={Client ID}            # Update with your Client ID
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback 
AUTHENTICATION_CLIENT_TYPE=confidential

OIDC_CLIENT_ID={Client ID}                      # Update with your Client ID
OIDC_TYPE=okta
OIDC_CLIENT_SECRET={Client Secret}              # Update with your Client Secret
OIDC_DISCOVERY_URI: http://{ISSUER_URL}/.well-known/openid-configuration        # Update with your Issuer URL
OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"}

```
{% /codeWithLanguageSelector %}


## 2. Start Docker

```commandline
docker compose --env-file ~/openmetadata_okta.env up -d
```

{% partial file="/v1.6/deployment/configure-ingestion.md" /%}

{% inlineCalloutContainer %}
  {% inlineCallout
    color="violet-70"
    icon="MdArrowBack"
    bold="OKTA"
    href="/deployment/security/okta" %}
    Go to okta Configuration
  {% /inlineCallout %}
{% /inlineCalloutContainer %}
MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00			`---`
			`title: Okta SSO for Docker`
			`slug: /deployment/security/okta/docker`
DOCS - OSS deployment is flagged as Collate False (#17722) 2024-09-05 10:30:31 +02:00			`collate: false`
MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00			`---`

			`# Okta SSO for Docker`

			`To enable security for the Docker deployment, follow the next steps:`

			`## 1. Create an .env file`

feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			Create an `openmetadata_okta.env` file and use the following example as a reference. Replace the placeholder values with the details generated during your Okta account and application credentials setup.
MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`Check the more information about environment variable [here](/deployment/security/configuration-parameters).`
MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00

feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`{% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %}`
MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			```implicit
			`# Implicit Flow`
MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00			`AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer`
			`AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com`
			`AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).`
MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00			`AUTHENTICATION_PROVIDER=okta`
			`AUTHENTICATION_PUBLIC_KEYS={ISSUER_URL}/v1/keys # Update with your Issuer URL`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`AUTHENTICATION_AUTHORITY={ISSUER_URL} # Update with your Issuer URL`
			`AUTHENTICATION_CLIENT_ID={CLIENT_ID} # Update with your Client ID`
MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00			`AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`AUTHENTICATION_CLIENT_TYPE= public`
MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00			```

feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			```authcode
			`# Auth Code Flow`
MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00			`AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer`
			`AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com`
			`AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).`
MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00			`AUTHENTICATION_PROVIDER=okta`
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`AUTHENTICATION_PUBLIC_KEYS=[{ISSUER_URL}/v1/keys,{your domain}/api/v1/system/config/jwks] # Update with your Issuer URL and Domain also Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens`
			`AUTHENTICATION_AUTHORITY={ISSUER_URL} # Update with your Issuer URL`
			`AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID`
			`AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback`
			`AUTHENTICATION_CLIENT_TYPE=confidential`

			`OIDC_CLIENT_ID={Client ID} # Update with your Client ID`
			`OIDC_TYPE=okta`
			`OIDC_CLIENT_SECRET={Client Secret} # Update with your Client Secret`
			`OIDC_DISCOVERY_URI: http://{ISSUER_URL}/.well-known/openid-configuration # Update with your Issuer URL`
			`OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"}`

MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00			```
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`{% /codeWithLanguageSelector %}`
MINOR - Prepare 1.3 docs directories (#14357) 2023-12-13 14:03:08 +01:00

			`## 2. Start Docker`

			```commandline
			`docker compose --env-file ~/openmetadata_okta.env up -d`
			```
feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30
			`{% partial file="/v1.6/deployment/configure-ingestion.md" /%}`

			`{% inlineCalloutContainer %}`
			`{% inlineCallout`
			`color="violet-70"`
			`icon="MdArrowBack"`
			`bold="OKTA"`
			`href="/deployment/security/okta" %}`
			`Go to okta Configuration`
			`{% /inlineCallout %}`
			`{% /inlineCalloutContainer %}`