ConsoleMe
GitHub
  • About
  • Architecture
  • Features
    • Credentials
      • AWS Console Login
      • AWS Credential Broker
    • Policy Management
      • Policies View
      • Policy Editor for IAM, SQS, SNS, and S3
      • Self-Service IAM Wizard
      • Policy Request - Review Page
      • Role Creation and Cloning
  • Demo
  • Quick Start
    • Docker
    • Local
  • Prerequisites
    • Required IAM Permissions
      • Central Account
      • Spoke Accounts
  • Configuration
    • Web App Authentication and Authorization
      • Local Development (Auth bypass)
      • ALB Auth (Recommended)
      • Retrieving Google Groups
      • OIDC/OAuth2
        • Cognito
        • Okta
      • SAML
      • Plain-Text Headers
    • Role Credential Authorization
      • Role Tags
        • Role Tagging Service Control Policy (Recommended)
      • Role Authorization through Dynamic Configuration
      • Custom Authorization (Internal Plugin)
    • Account Syncing
    • Metrics
    • Dynamic Configuration
    • AWS Resource Syncing
    • CLI Authentication
    • Sending email through SES
    • AWS Secret Manager Integration
    • CloudTrail Integration via AWS Event Bridge
    • Slack Notifications
  • Celery Tasks
    • Celery Flower
  • Development Guide
    • UI Components
    • Managing Dependencies
  • Deployment Strategies
  • Contributing
  • FAQ
  • License
  • Security
  • Weep CLI
    • Getting Started with Weep
    • AWS Credentials in the CLI using Weep and ConsoleMe
    • Configuration
    • Commands
      • List
      • Serve
      • Export
      • File
      • Credential Process
    • Assuming Roles
    • Advanced Configuration
      • Routing for Metadata Service
      • Shell Completion
Powered by GitBook
On this page

Was this helpful?

  1. Configuration
  2. Web App Authentication and Authorization
  3. OIDC/OAuth2

Okta

PreviousCognitoNextSAML

Last updated 3 years ago

Was this helpful?

Here are step-by-step directions for configuring Okta as an identity provider in ConsoleMe:

  1. Sign up for an Okta account, or sign in to your existing account

  2. Visit Applications -> "Create App Integration"

  1. Create the integration with redirect URIs (for local testing) of http://localhost:3000/auth and http://localhost:8081/auth and save.

  1. Click Okta API Scopes and add okta.groups.read and okta.users.read.self

  • oidc_secrets.client_id = Client ID in Okta

  • oidc_secrets.secret = Client Secret in Okta

  • oidc_secrets.client_scope = List of Scopes granted to the App integration in Okta

  • get_user_by_oidc_settings.resource = Name of the App Resource in Okta

  • get_user_by_oidc_settings.metadata_url = The metadata URL of your Okta App Integration. Usually this is one of the following:

    • https://YOURDOMAIN.okta.com/oauth2/default/.well-known/oauth-authorization-server

    • https://YOURDOMAIN.okta.com/oauth2/default/.well-known/openid-configuration

  1. Start yarn or build the Frontend files for Tornado to serve

  • In the consoleme/ui directory, run yarn

  • Run yarn start to have the frontend served by Yarn on http://localhost:3000. The backend API endpoints will be served by Python (Tornado) on http://localhost:8081.

  • Run yarn build:prod to build the frontend files and put them in a location for the backend to serve. ConsoleMe will be accessible on http://localhost:8081.

export CONFIG_LOCATION=/location/to/your/config.yaml
python /location/to/consoleme/__main__.py
  1. Visit http://localhost:3000 (if serving via Yarn), or http://localhost:8081 (If you built the frontend files to serve via Tornado) to test.

Make a ConsoleMe configuration. You can do this by copying to a directory of your choice and changing the various values in that file to suit your needs. The key values to change are:

Start ConsoleMe by setting the CONFIG_LOCATION environment variable and running consoleme/__main__.py with Python in your virtualenv (This was created in the )

example_config/example_config_oidc_all_in_one.yaml
Local Quick Start guide