mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-07-16 05:30:39 +00:00
2.1 KiB
2.1 KiB
| title | slug |
|---|---|
| Okta SSO for Bare Metal | /deployment/security/okta/bare-metal |
Okta SSO for Bare Metal
Update conf/openmetadata.yaml
Once the Client Id and Client Secret are generated add the Client Id in openmetadata.yaml file in client_id field.
authenticationConfiguration:
provider: "okta"
publicKeyUrls:
- "{ISSUER_URL}/v1/keys"
authority: "{ISSUER_URL}"
clientId: "{CLIENT_ID - SPA APP}"
callbackUrl: "http://localhost:8585/callback"
Then,
- Update
authorizerConfigurationto add login names of the admin users inadminPrincipalssection as shown below. - Update the
principalDomainto your company domain name.
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
adminPrincipals:
- "user1"
- "user2"
principalDomain: "open-metadata.org"
In 0.12.1 the className and containerRequestFilter must replace org.openmetadata.catalog by org.openmetadata.service.
Finally, update the Airflow information:
Before 0.12.1
airflowConfiguration:
apiEndpoint: ${AIRFLOW_HOST:-http://localhost:8080}
username: ${AIRFLOW_USERNAME:-admin}
password: ${AIRFLOW_PASSWORD:-admin}
metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
authProvider: okta
authConfig:
okta:
clientId: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
orgURL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
privateKey: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
email: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
scopes: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
After 0.12.1
airflowConfiguration:
apiEndpoint: ${AIRFLOW_HOST:-http://localhost:8080}
username: ${AIRFLOW_USERNAME:-admin}
password: ${AIRFLOW_PASSWORD:-admin}
metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
Note: Follow this guide to configure the ingestion-bot credentials for
ingesting data from Airflow.