Creating an Okta Application That Will Serve as Identity Provider
Log in to Okta with your admin account, and from the Applications menu, select Applications > Create App Integration.
Edit the settings as follows and then click Next.
Set Sign-in method to OIDC.
Set Application type to Web Application.
Edit the settings as follows and then click Save.
Under App integration name, enter a name for your application, e.g. "IGEL Onboarding Service".
Make sure that as the Grant type, the option Authorization Code is selected.
Under Sign-in redirect URIs, enter "https://obs.services.igel.com/".
Under Assignments, depending on your company policy, either allow everyone or select an existing group configured under Directory > Groups. You can change this configuration after creating the app integration under the Assignments tab of the application.
The app integration is created.
Select the General tab and then click Edit.
Under Client authentication, select Client secret and make sure that under Proof Key for Code Exchange (PKCE), Require PKCE as additional verification is enabled. Afterward, click Save. The client secret will be created.
Registering Our Okta Application in the IGEL Customer Portal
Open the IGEL Customer Portal in your browser, log in to your admin account, and select Users > IGEL OS IdP.
Click Register IGEL OS IdP.
Enter a Display name. This is the name under which your identity provider app will be displayed.
Change to the tab with your Okta app, go to the General tab and copy the Client ID.
Change to the IGEL Customer Portal (IGEL OS Identity Provider (IdP) Registration) tab and paste the client ID into the field Client ID.
Change to the tab with your Okta app, go to the General tab and copy the Client Secret.
Change to the IGEL Customer Portal (IGEL OS Identity Provider (IdP) Registration) tab and paste the client secret into the field Client secret.
To get the Authorization Endpoint URL and Token Endpoint URL, enter the following into your browser: https://<yourOktaOrg>/.well-known/openid-configuration Example: https://dev-xxxxxx-admin.okta.com/.well-known/openid-configuration
Copy and paste the values into the Authorization Endpoint URL and Token Endpoint URL fields one by one.
To add a domain, click Add, enter the Domain name, and then click Add in the dialog.
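As an added example (not part of the original IGEL or Okta documentation), the following Python script reads a saved copy of the openid-configuration document from the discovery step above, checks it against the settings chosen earlier (HTTPS endpoints on the issuer's host, Authorization Code grant, PKCE with S256, client secret authentication), and returns the two URLs to paste into the portal. The function name extract_idp_endpoints and the embedded sample document are assumptions made for illustration; the field names are the standard OpenID Connect discovery metadata keys.

```python
import json
from urllib.parse import urlsplit

# Constructed, trimmed sample of a discovery document (not captured from a
# real org); the host is the placeholder used in the example URL above.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://dev-xxxxxx-admin.okta.com",
    "authorization_endpoint": "https://dev-xxxxxx-admin.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://dev-xxxxxx-admin.okta.com/oauth2/v1/token",
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "code_challenge_methods_supported": ["S256"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
})


def extract_idp_endpoints(discovery_json, expected_host):
    """Hypothetical helper: return the two portal URLs or raise ValueError."""
    doc = json.loads(discovery_json)
    problems = []
    issuer = urlsplit(doc.get("issuer", ""))
    if issuer.scheme != "https" or issuer.hostname != expected_host.lower():
        problems.append("issuer does not match https://" + expected_host)
    result = {}
    for key in ("authorization_endpoint", "token_endpoint"):
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https":
            problems.append(key + " is missing or not https")
        elif url.hostname != issuer.hostname:
            problems.append(key + " is on a different host than the issuer")
        else:
            result[key] = doc[key]
    # Defaults below are the ones the discovery spec defines for omitted fields.
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("authorization_code grant not advertised")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        problems.append("PKCE method S256 not advertised")
    auth = set(doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"]))
    if not auth & {"client_secret_basic", "client_secret_post"}:
        problems.append("no client-secret authentication method advertised")
    if problems:
        raise ValueError("; ".join(problems))
    return result


if __name__ == "__main__":
    for name, url in extract_idp_endpoints(SAMPLE_DISCOVERY, "dev-xxxxxx-admin.okta.com").items():
        print(name, "=", url)
```

Save the browser output to a file and pass its contents as discovery_json, with your own Okta org host as expected_host.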