Okta SSO for Kubernetes

Check the Helm information here. Here is an example for reference, showing where to place the values in the values.yaml file after setting up your OKTA account and obtaining the application credentials. Check the more information about environment variable here.

implicit
authcode

# Public Flow

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      initialAdmins:  # john.doe from [email protected]
      - "admin"
      - "user1"
      - "user2"
      principalDomain: "open-metadata.org"  # Update with your Domain,The primary domain for the organization (example.com from [email protected]).

    authentication:
      clientType: public
      provider: "okta"
      publicKeys:
      - "{your domain}/api/v1/system/config/jwks"     # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
      - "{ISSUER_URL}/v1/keys"
      authority: "{ISSUER_URL}"
      clientId: "{Client ID}"                 # Update your Client ID
      callbackUrl: "http://localhost:8585/callback"

# Auth Code Flow

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      initialAdmins:  # john.doe from [email protected]
      - "admin"
      - "user1"
      - "user2"
      principalDomain: "open-metadata.org"  # Update with your Domain,The primary domain for the organization (example.com from [email protected]).

    authentication:
      clientType: confidential
      provider: "okta"
      publicKeys:
      - "{your domain}/api/v1/system/config/jwks"         # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
      - "{ISSUER_URL}/v1/keys"
      authority: "{ISSUER_URL}"
      clientId: "{Client ID}"                             # Update your Client ID
      callbackUrl: "http://localhost:8585/callback"
      oidcConfiguration:
        oidcType: "okta"
        clientId:
          secretRef: oidc-secrets
          secretKey: openmetadata-oidc-client-id
        clientSecret:
          secretRef: oidc-secrets
          secretKey: openmetadata-oidc-client-secret
        discoveryUri: "http://{ISSUER_URL}/.well-known/openid-configuration"      # Update your Issuer URL
        callbackUrl: http://localhost:8585/callback
        serverUrl: http://localhost:8585

Configure Ingestion

Once your server security is set, it’s time to review the ingestion configuration. Our bots support JWT tokens to authenticate to the server when sending requests. Find more information on Enabling JWT Tokens and JWT Troubleshooting to ensure seamless authentication.

OKTA

Go to okta Configuration

Get Started

Day 1

Okta SSO for Kubernetes | Official Documentation

Okta SSO for Kubernetes

Configure Ingestion

OKTA

Get Started

Day 1

​Okta SSO for Kubernetes

​Configure Ingestion

OKTA

Okta SSO for Kubernetes

Configure Ingestion