GitBook: [#95] Okta Changes

deploy/deploy-on-bare-metal/enable-security/okta-sso/create-ingestion-service-account.md

@@ -76,14 +76,14 @@ curl --location --request POST '<domain-url>/oauth2/v1/clients' \
 * Click on **Applications -> Applications** in the left navigation bar.
 * You should see your service account in the list.
 
-![](<../../../../docs/.gitbook/assets/image (35) (1).png>)
+![](<../../../../docs/.gitbook/assets/image (35) (1) (1).png>)
 
 ## Step 4: Grant Allowed Scopes
 
 * To add scopes, navigate to your **Okta Dashboard**. Click on **Applications -> Applications** as in step 2.
 * Click on your service app.
 
-![](<../../../../docs/.gitbook/assets/image (35).png>)
+![](<../../../../docs/.gitbook/assets/image (35) (1).png>)
 
 * Now click on **Okta API Scopes** from the top nav bar.
 * Grant the scopes by clicking on **Grant**. Ensure that the following scopes are granted:

deploy/deploy-on-bare-metal/enable-security/okta-sso/okta-config.md

@@ -2,7 +2,7 @@
 
 ## Update conf/openmetadata-security.yaml
 
-* Once the **Client Id**, and **Issuer URL** are generated, add those details in `openmetadata-security.yaml` file in the respective fields.
+Once the **Client Id**, and **Issuer URL** are generated, add those details in `openmetadata-security.yaml` file in the respective fields.
 
 ```yaml
 authenticationConfiguration:
@@ -13,7 +13,20 @@ authenticationConfiguration:
   callbackUrl: "http://localhost:8585/callback"
 ```
 
-* Update `authorizerConfiguration` to add `adminPrincipals`
+* **ISSUER\_URL** - This can be found in **Security -> API -> Authorization Servers**.
+
+![](<../../../../docs/.gitbook/assets/image (31).png>)
+
+* **CLIENT\_ID - SPA APP** - This is the Client\_ID for Single Page Applications. On configuring the app, the Client\_ID can be found in the **General** section, under **Client Credentials >> Client ID**
+
+![](<../../../../docs/.gitbook/assets/image (60).png>)
+
+Update `authorizerConfiguration` to add `adminPrincipals`
+
+* For `adminPrincipals`, add the **Username**.
+* For `botPrincipals`, add the **Ingestion Client ID** for the Service application. This can be found in **Okta -> Applications -> Applications**.
+
+![](<../../../../docs/.gitbook/assets/image (35).png>)
 
 ```yaml
 authorizerConfiguration:

deploy/deploy-on-kubernetes/enable-security/okta-sso/create-ingestion-service-account.md

@@ -2,7 +2,7 @@
 description: This is a guide to create ingestion bot service app.
 ---
 
-# Copy of Create Service Application
+# Create Service Application
 
 ## Step 1: Generate Public/Private Key Pair
 
@@ -76,14 +76,14 @@ curl --location --request POST '<domain-url>/oauth2/v1/clients' \
 * Click on **Applications -> Applications** in the left navigation bar.
 * You should see your service account in the list.
 
-![](<../../../../docs/.gitbook/assets/image (35) (1).png>)
+![](<../../../../docs/.gitbook/assets/image (35) (1) (1).png>)
 
 ## Step 4: Grant Allowed Scopes
 
 * To add scopes, navigate to your **Okta Dashboard**. Click on **Applications -> Applications** as in step 2.
 * Click on your service app.
 
-![](<../../../../docs/.gitbook/assets/image (35).png>)
+![](<../../../../docs/.gitbook/assets/image (35) (1).png>)
 
 * Now click on **Okta API Scopes** from the top nav bar.
 * Grant the scopes by clicking on **Grant**. Ensure that the following scopes are granted:

deploy/deploy-on-kubernetes/enable-security/okta-sso/okta-config.md

@@ -1,8 +1,8 @@
-# Copy of Configure OpenMetadata Server
+# Configure OpenMetadata Server
 
 ## Update conf/openmetadata-security.yaml
 
-* Once the **Client Id**, and **Issuer URL** are generated, add those details in `openmetadata-security.yaml` file in the respective fields.
+Once the **Client Id**, and **Issuer URL** are generated, add those details in `openmetadata-security.yaml` file in the respective fields.
 
 ```yaml
 authenticationConfiguration:
@@ -13,7 +13,20 @@ authenticationConfiguration:
   callbackUrl: "http://localhost:8585/callback"
 ```
 
-* Update `authorizerConfiguration` to add `adminPrincipals`
+* **ISSUER\_URL** - This can be found in **Security -> API -> Authorization Servers**.
+
+![](<../../../../docs/.gitbook/assets/image (31).png>)
+
+* **CLIENT\_ID - SPA APP** - This is the Client\_ID for Single Page Applications. On configuring the app, the Client\_ID can be found in the **General** section, under **Client Credentials >> Client ID**
+
+![](<../../../../docs/.gitbook/assets/image (60).png>)
+
+Update `authorizerConfiguration` to add `adminPrincipals`
+
+* For `adminPrincipals`, add the **Username**.
+* For `botPrincipals`, add the **Ingestion Client ID** for the Service application. This can be found in **Okta -> Applications -> Applications**.
+
+![](<../../../../docs/.gitbook/assets/image (35).png>)
 
 ```yaml
 authorizerConfiguration:

docs/integrations/connectors/bigquery/bigquery-metadata-extraction.md

@@ -583,7 +583,7 @@ If you want to limit metadata ingestion to a single database, enter the name of
 
 In this step we will configure the metadata ingestion settings for your BigQuery deployment. Please follow the instructions below to ensure that you've configured the connector to read from your BigQuery service as desired.
 
-![](<../../../.gitbook/assets/image (31) (1) (1).png>)
+![](<../../../.gitbook/assets/image (31) (1) (1) (1).png>)
 
 #### Ingestion name
 

docs/integrations/connectors/snowflake/snowflake-metadata-extraction.md

@@ -599,7 +599,7 @@ From the Database Service UI, click the _Add New Service_ button to add your Sno
 
 Select Snowflake as the service type.
 
-![](<../../../.gitbook/assets/image (60).png>)
+![](<../../../.gitbook/assets/image (60) (1).png>)