Okta
Here are step-by-step directions for configuring Okta as an identity provider in ConsoleMe:
Sign up for an Okta account, or sign in to your existing account
Visit Applications -> "Create App Integration"
Create the integration with redirect URIs (for local testing) of http://localhost:3000/auth and http://localhost:8081/auth and save.
Click Okta API Scopes and add okta.groups.read and okta.users.read.self
Make a ConsoleMe configuration. You can do this by copying example_config/example_config_oidc_all_in_one.yaml to a directory of your choice and changing the various values in that file to suit your needs. The key values to change are:
oidc_secrets.client_id = Client ID in Okta
oidc_secrets.secret = Client Secret in Okta
oidc_secrets.client_scope = List of Scopes granted to the App integration in Okta
get_user_by_oidc_settings.resource = Name of the App Resource in Okta
get_user_by_oidc_settings.metadata_url = The metadata URL of your Okta App Integration. Usually this is one of the following:
https://YOURDOMAIN.okta.com/oauth2/default/.well-known/oauth-authorization-server
https://YOURDOMAIN.okta.com/oauth2/default/.well-known/openid-configuration
Start yarn or build the Frontend files for Tornado to serve
In the consoleme/ui directory, run yarn
Run yarn start to have the frontend served by Yarn on http://localhost:3000. The backend API endpoints will be served by Python (Tornado) on http://localhost:8081.
Run yarn build:prod to build the frontend files and put them in a location for the backend to serve. ConsoleMe will be accessible on http://localhost:8081.
Start ConsoleMe by setting the CONFIG_LOCATION environment variable and running consoleme/__main__.py with Python in your virtualenv (this was created in the Local Quick Start guide).
Visit http://localhost:3000 (if serving via Yarn), or http://localhost:8081 (if you built the frontend files to serve via Tornado) to test.
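A pre-flight check for the key values listed in the configuration step, as an added example that is not part of ConsoleMe or its documentation. It assumes the YAML file has already been loaded into a nested dict; the function names and the sample values are constructed for illustration.

```python
from urllib.parse import urlparse

# Dotted keys the page names as the values to change.
REQUIRED = (
    "oidc_secrets.client_id", "oidc_secrets.secret", "oidc_secrets.client_scope",
    "get_user_by_oidc_settings.resource", "get_user_by_oidc_settings.metadata_url",
)
# The two discovery-document paths the page lists for Okta.
WELL_KNOWN = ("/.well-known/oauth-authorization-server",
              "/.well-known/openid-configuration")

def lookup(config, dotted):
    """Walk a nested dict by dotted key; return None if any level is missing."""
    node = config
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def check_oidc_config(config):
    """Return a list of problems found; an empty list means every check passed."""
    problems = []
    for key in REQUIRED:
        value = lookup(config, key)
        if value in (None, "", []):
            problems.append(f"{key} is missing or empty")
        elif "YOURDOMAIN" in str(value):
            problems.append(f"{key} still contains the YOURDOMAIN placeholder")
    scopes = lookup(config, "oidc_secrets.client_scope")
    if scopes is not None and not isinstance(scopes, list):
        problems.append("oidc_secrets.client_scope should be a list of scopes")
    url = lookup(config, "get_user_by_oidc_settings.metadata_url")
    if url:
        parsed = urlparse(url)
        if parsed.scheme != "https":  # discovery document must not travel in clear text
            problems.append("metadata_url must use https")
        if not parsed.path.endswith(WELL_KNOWN):
            problems.append("metadata_url is not a .well-known discovery path")
    return problems

# Constructed sample values, not real credentials.
SAMPLE = {
    "oidc_secrets": {"client_id": "0oaEXAMPLE", "secret": "example-secret",
                     "client_scope": ["openid", "email"]},
    "get_user_by_oidc_settings": {"resource": "consoleme-oidc", "metadata_url":
        "https://YOURDOMAIN.okta.com/oauth2/default/.well-known/openid-configuration"},
}
```

Running check_oidc_config on the loaded configuration before starting ConsoleMe catches an unedited template or a plain-http metadata URL before the first login attempt.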