yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-07-12 19:48:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-docs/content/v1.6.x/deployment/security/okta/bare-metal.md
tarunpandey23 21ca28782f
feat: Updated And Refactor Docs (#19211) 
* Updated Docs

* Updated

* updated image versions

---------

Co-authored-by: Tarun <tarun.p@deuexsolutions.com>
Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com>
2025-01-03 12:40:07 +00:00

3.2 KiB
Raw Permalink Blame History

title slug collate
Okta SSO for Bare Metal /deployment/security/okta/bare-metal false

Okta SSO for Bare Metal

Update conf/openmetadata.yaml

In openmetadata.yaml file and use the following example as a reference. Replace the placeholder values with the details generated during your Okta account and application credentials setup.

Check the more information about environment variable here.

{% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %}

# Implicit Flow
authorizerConfiguration:
  className: "org.openmetadata.service.security.DefaultAuthorizer"
  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
  adminPrincipals:                                          # Your `name` from name@domain.com
    - "admin"
    - "user1"
    - "user2"
  principalDomain: "open-metadata.org"                      # Update with your Domain,The primary domain for the organization (your domain.com from name@domain.com).
authenticationConfiguration:
  provider: "okta" 
  publicKeyUrls:
    - "{ISSUER_URL}/v1/keys"
    - "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
  authority: "{ISSUER_URL}"
  clientId: "{Client ID}"
  callbackUrl: "http://localhost:8585/callback"
  clientType: "public"

# Auth Code Flow 
authorizerConfiguration:
  className: "org.openmetadata.service.security.DefaultAuthorizer"
  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
  adminPrincipals:                                          # Your `name` from name@domain.com
    - "admin"
    - "user1"
    - "user2"
  principalDomain: "open-metadata.org"                      # Update with your Domain,The primary domain for the organization (your domain.com from name@domain.com).
authenticationConfiguration:
  provider: "okta" 
  publicKeyUrls:
    - "{ISSUER_URL}/v1/keys"
    - "{your domain}/api/v1/system/config/jwks"             # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
  authority: "{ISSUER_URL}"                                 # Update Okta Issuer URL
  clientId: "{Client ID}"                                   # Update Okta Client ID
  callbackUrl: "http://localhost:8585/callback"
  clientType: "confidential"
  oidcConfiguration:
    id: "{Client ID}"                                       # Update you Okta Client ID
    type: "okta"     
    secret: "{Client Secret}"                               # Update with Okta Client Secret
    discoveryUri: "http://{ISSUER_URL}/.well-known/openid-configuration"      # Update your Issuer URL    
    callbackUrl: http://localhost:8585/callback"
    serverUrl: "http://localhost:8585"

{% /codeWithLanguageSelector %}

{% partial file="/v1.6/deployment/configure-ingestion.md" /%}

{% inlineCalloutContainer %} {% inlineCallout color="violet-70" icon="MdArrowBack" bold="OKTA" href="/deployment/security/okta" %} Go to okta Configuration {% /inlineCallout %} {% /inlineCalloutContainer %}