You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Update Okta OIDC provider setup documentation with ONI app catalog steps
Expanded the setup instructions for Okta as an OIDC provider, including steps for both ONI App Catalog. This is required for publishing of the official ONI app in Okta. Re-labled the previous instructions as custom oidc application.
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/identity/idp-integration/okta.mdx
+44-1Lines changed: 44 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,50 @@ Okta provides cloud software that helps companies manage and secure user authent
10
10
11
11
Additionally, you can configure Okta to use risk information from Zero Trust [user risk scores](/cloudflare-one/insights/risk-score/) to create SSO-level policies. For more information, refer to [Send risk score to Okta](/cloudflare-one/insights/risk-score/#send-risk-score-to-okta).
12
12
13
-
## Set up Okta as an OIDC provider
13
+
## Set up Okta as an OIDC provider (ONI App Catalog)
14
+
15
+
1. Log in to your Okta admin dashboard.
16
+
17
+
2. Navigate to Applications > Applications.
18
+
19
+
3. Click Browse App Catalog.
20
+
21
+
4. Search for "Cloudflare One" and select the official Cloudflare application (OIDC).
22
+
23
+
5. Click Add.
24
+
25
+
6. Add an application label and Team domain:
26
+
27
+
```txt
28
+
<your-team-name>.cloudflareaccess.com
29
+
```
30
+
You can find your team name in Zero Trust under **Settings** > **Custom Pages**.
31
+
32
+
33
+
7. In the **Sign On** tab, copy the **Client ID** and **Client secret**.
34
+
35
+
8. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication**.
36
+
37
+
9. Under **Login methods**, select **Add new**. Select **Okta** as your identity provider.
38
+
39
+
10. Fill in the following information:
40
+
-**Name**: Name your identity provider.
41
+
-**App ID**: Enter your Okta client ID.
42
+
-**Client secret**: Enter your Okta client secret.
43
+
-**Okta account URL**: Enter your [Okta domain](https://developer.okta.com/docs/guides/find-your-domain/main/), for example `https://my-company.okta.com`.
44
+
45
+
11. (Optional) Create an Okta API token and enter it in Zero Trust (the token can be read-only). This will prevent your Okta groups from failing if you have more than 100 groups.
46
+
47
+
12. (Optional) To configure [custom OIDC claims](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims):
48
+
1. In Okta, create a [custom authorization server](https://developer.okta.com/docs/guides/customize-authz-server/main/) and ensure that the `groups` scope is enabled.
49
+
2. In Zero Trust, enter the **Authorization Server ID** obtained from Okta.
50
+
3. Under **Optional configurations**, enter the claims that you wish to add to your users' identity.
51
+
52
+
13. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/). PKCE will be performed on all login attempts.
53
+
54
+
14. Select **Save**.
55
+
56
+
## Set up Okta as an OIDC provider (Custom OIDC Application)
14
57
15
58
1. On your Okta admin dashboard, go to **Applications** > **Applications**.
0 commit comments