src/content/docs/cloudflare-one/identity/idp-integration/okta.mdx
Lines changed: 14 additions & 8 deletions
@@ -10,7 +10,7 @@ Okta provides cloud software that helps companies manage and secure user authent
10
10
11
11
Additionally, you can configure Okta to use risk information from Zero Trust [user risk scores](/cloudflare-one/insights/risk-score/) to create SSO-level policies. For more information, refer to [Send risk score to Okta](/cloudflare-one/insights/risk-score/#send-risk-score-to-okta).
12
12
13
-
## Set up Okta as an OIDC provider (Okta App Catalog)
13
+
## Set up Okta as an OIDC provider (Okta Application Catalog)
14
14
15
15
1. Log in to your Okta admin dashboard.
16
16
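Review bot: The heading rename from `(Okta App Catalog)` to `(Okta Application Catalog)` will change the heading's anchor if the site derives anchors from heading text, so links that point at the old fragment would stop resolving. Search the docs for references to the old heading anchor and update them in the same commit, or leave the heading text unchanged if the rename is only cosmetic.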
@@ -32,26 +32,32 @@ Additionally, you can configure Okta to use risk information from Zero Trust [us
32
32
33
33
7. In the **Sign On** tab, copy the **Client ID** and **Client secret**.
34
34
35
-
8. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication**.
35
+
8. Scroll down to the **OpenID ConnectID Token** and select **Edit**.
36
+
37
+

38
+
39
+
9. Set the **Groups claim filter** to _Matches regex_ and its value to `.*`.
40
+
41
+
10. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication**.
36
42
37
-
9. Under **Login methods**, select **Add new**. Select **Okta** as your identity provider.
43
+
11. Under **Login methods**, select **Add new**. Select **Okta** as your identity provider.
38
44
39
-
10. Fill in the following information:
45
+
12. Fill in the following information:
40
46
-**Name**: Name your identity provider.
41
47
-**App ID**: Enter your Okta client ID.
42
48
-**Client secret**: Enter your Okta client secret.
43
49
-**Okta account URL**: Enter your [Okta domain](https://developer.okta.com/docs/guides/find-your-domain/main/), for example `https://my-company.okta.com`.
44
50
45
-
11. (Optional) Create an Okta API token and enter it in Zero Trust (the token can be read-only). This will prevent your Okta groups from failing if you have more than 100 groups.
51
+
13. (Optional) Create an Okta API token and enter it in Zero Trust (the token can be read-only). This will prevent your Okta groups from failing if you have more than 100 groups.
46
52
47
-
12. (Optional) To configure [custom OIDC claims](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims):
53
+
14. (Optional) To configure [custom OIDC claims](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims):
48
54
1. In Okta, create a [custom authorization server](https://developer.okta.com/docs/guides/customize-authz-server/main/) and ensure that the `groups` scope is enabled.
49
55
2. In Zero Trust, enter the **Authorization Server ID** obtained from Okta.
50
56
3. Under **Optional configurations**, enter the claims that you wish to add to your users' identity.
51
57
52
-
13. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/). PKCE will be performed on all login attempts.
58
+
15. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/). PKCE will be performed on all login attempts.
53
59
54
-
14. Select **Save**.
60
+
16. Select **Save**.
55
61
56
62
## Set up Okta as an OIDC provider (Custom OIDC Application)
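Review bot: New step 9 sets the **Groups claim filter** to _Matches regex_ with `.*` but does not say what that does: the pattern matches every group name, so all of the user's Okta groups are released in the ID token. Add a sentence explaining that this is what lets Zero Trust see group membership, and note that a narrower regex can be used when only some groups should be shared. In new step 8, `**OpenID ConnectID Token**` looks like it is missing a space ("OpenID Connect ID Token"), and the step should say it is still in Okta's **Sign On** tab, since step 10 is where the reader switches to Zero Trust. While step 15 is being renumbered, "Proof of Key Exchange (PKCE)" could be corrected to "Proof Key for Code Exchange (PKCE)".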