Okta
This page explains how to use Okta as the identity provider (IdP) to manage access to API Portals.
Introduction
You can use Okta as the IdP for Traefik Hub.
Okta is an identity and access management (IAM) service that provides authentication and authorization.
Before you begin
If you replace your Traefik Hub internal IdP with an external IdP, all users, user groups, and tokens created by the internal IdP will be deleted.
This action is irreversible!
This article assumes that you already have a configured Okta tenant.
Configuration
Once you have configured your Okta account settings, Traefik Hub will automatically create an integration application in Okta and sync your groups from Okta to Traefik Hub.
Good to know
Users will only be listed in Traefik Hub after a successful login into an API Portal.
First, select Auth settings in the left navigation menu to get to the ID provider overview page in the UI.
Now, on the IdP overview page, select Okta as the external IdP.
In the next step, configure your Okta settings: the URL of your Okta organization, the full URL of your Okta authorization server, and the token.
Field | Description | Required |
---|---|---|
Organization URL | URL of your Okta organization. Typically, the org URL is the tenant name (the subdomain) followed by the domain name. For example, https://my-org.okta.com | Yes |
Issuer URL | The full URL of the Okta authorization server. For example, http://my-org.okta.com/oauth2/pquz96guaw5Yoi6Qcc586. You can find more info about authorization servers in the Okta docs. | Yes |
Token | Okta API token, used to authenticate requests to Okta APIs. | Yes |
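Because switching the IdP cannot be undone, it helps to check the two URL fields before entering them. The following pre-flight check is an added example, not part of Traefik Hub or its documentation. It assumes both URLs use HTTPS and that the issuer is a custom authorization server (`/oauth2/<server id>`) on the organization's own host; `check_okta_settings` and all sample values are hypothetical and constructed here.

```python
import re
from urllib.parse import urlsplit

# Assumed path shape of a custom authorization server: /oauth2/<server id>.
ISSUER_PATH = re.compile(r"^/oauth2/[A-Za-z0-9]+$")


def check_okta_settings(org_url, issuer_url, discovery=None):
    """Return a list of problems found in the values; an empty list means none."""
    problems = []
    org, issuer = urlsplit(org_url), urlsplit(issuer_url)

    for name, url in (("Organization URL", org), ("Issuer URL", issuer)):
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{name}: expected an absolute https:// URL")
        if url.query or url.fragment:
            problems.append(f"{name}: must not carry a query string or fragment")

    if org.path not in ("", "/"):
        problems.append("Organization URL: expected only scheme and host, no path")
    if not ISSUER_PATH.match(issuer.path):
        problems.append("Issuer URL: expected a path of the form /oauth2/<server id>")
    # Assumption: the authorization server is hosted on the organization's domain.
    if org.hostname and issuer.hostname and org.hostname != issuer.hostname:
        problems.append("Issuer URL: host differs from the Organization URL host")

    # OpenID Connect discovery: the advertised issuer must match exactly,
    # so a trailing slash or a different server id is a mismatch.
    if discovery is not None and discovery.get("issuer") != issuer_url:
        problems.append("Issuer URL: differs from 'issuer' in the discovery document")
    return problems


# Constructed sample values (not a real tenant).
ORG = "https://my-org.okta.com"
ISSUER = "https://my-org.okta.com/oauth2/default"
# Constructed excerpt of <Issuer URL>/.well-known/openid-configuration.
DISCOVERY = {"issuer": ISSUER, "jwks_uri": ISSUER + "/v1/keys"}

if __name__ == "__main__":
    for candidate in (ISSUER, ISSUER + "/", "https://other-org.okta.com/oauth2/default"):
        print(candidate, "->", check_okta_settings(ORG, candidate, DISCOVERY) or "ok")
```

Pass the parsed JSON of the issuer's discovery document as `discovery` to include the exact-match check; without it only the URL shapes are checked.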
Once you're done, you can test your configuration by selecting Test connection.
If the connection is working, save your configuration by selecting Save.
In the last step, you have to confirm the configuration changes.
Please make sure to read the displayed message carefully and follow the needed steps for confirmation!
If you already have users and groups configured, these accounts and all related user data, including tokens, will be deleted from Traefik Hub.
Please do not try to change your configuration during the synchronization process!
Traefik Hub will sync with your Okta tenant immediately after confirming your configuration.
From then on, Traefik Hub is configured to use Okta as its IdP.
The user overview page in the dashboard will not automatically show all users.
Users will only be listed after a successful login into an API Portal.
Synchronization
Traefik Hub will automatically sync every 60 minutes with your Okta tenant.
After a first successful synchronization, you can initiate a sync at any time by selecting the Synchronize button.
Login with Okta
Head over to your API Portal and log in with Okta.
What's next
- Learn how to validate JWT with Okta.