mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2026-01-08 05:26:19 +00:00
1.6 KiB
1.6 KiB
| title | slug |
|---|---|
| Okta SSO for Bare Metal | /deployment/security/okta/bare-metal |
Okta SSO for Bare Metal
Update conf/openmetadata.yaml
Once the Client Id and Client Secret are generated add the Client Id in openmetadata.yaml file in client_id field.
authenticationConfiguration:
provider: "okta"
publicKeyUrls:
- "{ISSUER_URL}/v1/keys"
authority: "{ISSUER_URL}"
clientId: "{CLIENT_ID - SPA APP}"
callbackUrl: "http://localhost:8585/callback"
Then,
- Update
authorizerConfigurationto add login names of the admin users inadminPrincipalssection as shown below. - Update the
principalDomainto your company domain name.
authorizerConfiguration:
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
adminPrincipals:
- "user1"
- "user2"
botPrincipals:
- "ingestion-bot"
principalDomain: "open-metadata.org"
Finally, update the Airflow information:
airflowConfiguration:
apiEndpoint: ${AIRFLOW_HOST:-http://localhost:8080}
username: ${AIRFLOW_USERNAME:-admin}
password: ${AIRFLOW_PASSWORD:-admin}
metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
authProvider: azure
authConfig:
okta:
clientId: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
orgURL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
privateKey: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
email: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
scopes: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}