Okta Integration

This guide provides step-by-step instructions on integrating Okta as an identity provider for your Project.

Prerequisites

  • An Okta account with access to the Okta Developer Console. If you don't have one, you can sign up at Okta.

Steps to Integrate Okta

  1. Register a New Application in Okta

    • Log in to the Okta Developer Console.
    • Navigate to "Applications" > "Applications".
    • Click on "Create App Integration".
    • Choose "OIDC - OpenID Connect" as the sign-in method.
    • Choose "Web Application" as the application type and click "Next".
    • Provide a name for your application.
    • Set assignments as per your requirements.
    • Click save.
  2. Copy Configuration information

    • After registering the application, navigate to the "General" tab.
    • Copy the "Client ID"
    • Copy the "Client Secret"
    • Click Edit and enable PKCE.
    • Use the following URLs:
      • OAuth 2.0 authorization endpoint (v2): https://[your-okta-tenant-domain]/oauth2/v1/authorize
      • OAuth 2.0 token endpoint (v2): https://[your-okta-tenant-domain]/oauth2/v1/token
      • JSON Web Key Set URL: https://[your-okta-tenant-domain]/oauth2/v1/keys
  3. Create IdentityProvider Resource in Haste Health

    • Go to the Haste Health Admin App for your tenant.
    • Navigate to the system project.
    • Click Identity Provider
    • Click New
    • Provide the following details:
      • Name: A friendly name for the identity provider (e.g., Okta).
      • Status: Set to active.
      • Access Type: Set to oidc.
      • Authorization_endpoint: The OAuth 2.0 authorization endpoint copied from step 2.
      • Token_endpoint: The OAuth 2.0 token endpoint copied from step 2.
      • Jwks_uri: The JSON Web Key Set URL copied from step 2.
      • Scopes: Specify the scopes required for your application (e.g., openid profile email). Note that openid is required to verify the user.
      • Client ID: The Application (client) ID copied from Okta.
      • Client Secret: The Client Secret copied from Okta in step 2.
      • Enable PKCE: Enable PKCE and use S256 as the code challenge method.
      • Click Create to save the new Identity Provider configuration.
  4. Add Redirect URI in Okta

    • Go back to Okta.
    • Navigate to the application you created.
    • Under the general settings, click "Edit".
    • In the "Redirect URIs" section, add a new redirect URI for your Haste Health tenant: https://[haste-health-host]/w/[my-tenant]/system/api/v1/oidc/federated/[idp-resource-id]/callback
  5. Test the Integration

    • Click Projects in the system admin app and modify the identity providers at the bottom.
    • Add the Okta identity provider to the desired project.
    • Attempt to log in to your Haste Health application using the Okta identity provider to ensure everything is set up correctly.
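
When testing the login in step 5, the authorization request that reaches Okta can be checked against the settings from steps 2 to 4. The following is an added example, not code from Haste Health or Okta: it builds an authorization-code request with an S256 PKCE challenge and checks a captured authorize URL for the expected parameters. The domain, redirect URI, client ID and function names are placeholders chosen for illustration.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder values (assumptions): substitute your own tenant's settings.
OKTA_DOMAIN = "example.okta.com"
REDIRECT_URI = ("https://haste.example.com/w/my-tenant/system/api/v1/"
                "oidc/federated/idp-resource-id/callback")

def s256_challenge(code_verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)), unpadded (RFC 7636)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_url(client_id, scopes="openid profile email"):
    """Return (url, code_verifier, state) for one login attempt."""
    code_verifier = secrets.token_urlsafe(32)  # 43 chars, within the 43-128 range
    state = secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": scopes,
        "state": state,
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",
    })
    return f"https://{OKTA_DOMAIN}/oauth2/v1/authorize?{query}", code_verifier, state

def check_authorize_url(url):
    """List the problems found in an authorize URL captured during step 5."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    problems = []
    if parts.scheme != "https" or parts.path != "/oauth2/v1/authorize":
        problems.append("not the HTTPS /oauth2/v1/authorize endpoint")
    if q.get("code_challenge_method") != "S256":
        problems.append("code_challenge_method is not S256")
    if len(q.get("code_challenge", "")) != 43:
        problems.append("code_challenge missing or not a SHA-256 digest")
    if "openid" not in q.get("scope", "").split():
        problems.append("openid scope missing")
    if q.get("redirect_uri") != REDIRECT_URI:
        problems.append("redirect_uri differs from the one registered in Okta")
    return problems
```

The code_verifier is never sent in this request; it is sent only to the token endpoint when the authorization code is exchanged.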