
How to Set up OKTA as an Anypoint Platform Identity Provider


See how to set up OKTA as an Anypoint Platform identity provider.

· Integration Zone ·

Objective

To use OKTA as the single sign-on identity provider for Anypoint Platform, using OpenID Connect with the authorization code flow.

Prerequisite

  1. Anypoint Platform account with organization administrator access (needed to change External Identity settings)

  2. OKTA developer account


Create Application in OKTA

The first step is to create an application in OKTA. An OKTA application represents the client that will integrate with OKTA, whether a web application, a mobile application, or another service. In our project, that client is Anypoint Platform.

  1. Applications -> Add Application

  2. Select Web, then click Next.

  3. Set up the application:

    • Name: AnypointPlatform

    • Base URIs: https://anypoint.mulesoft.com

    • Login redirect URIs: the redirect URI is provided by Anypoint Platform. Log in to your Anypoint Platform account and click External Identity.

      • Next, click Identity Management and select OpenID Connect.

      • Click "Use Manual Registration".

      • Copy the redirect URL shown there and paste it into this field. OKTA only sends the authorization code to a redirect URI registered here, so the value must match exactly.

    • Group Assignments: Everyone. This allows every user in the OKTA org to sign in to Anypoint Platform; for anything beyond a lab setup, assign a dedicated group instead so that access can be granted and revoked per user.

    • Grant Type: tick only Authorization Code and leave the other grant types unticked. Anypoint Platform exchanges the code for tokens at the token endpoint using the client secret, so no tokens need to be returned through the browser.

    • Click Next.

Create OKTA Authorization Server

Next, we need to create an Authorization Server that will issue tokens for our application and enforce an access policy on it.

  1. Click on API -> Authorization Servers.

  2. Click on Add Authorization Server, fill out the form, and click Save.

  3. Next, we need to create the policy we will enforce. Click on Access Policies, then click Add Policy.

    1. Name: pick a name that describes what your policy does.

    2. Description: describe the purpose of the policy.

    3. Assign To: you can assign the policy to specific applications or to all applications. In our example, the policy applies only to AnypointPlatform.

  4. Lastly, we need to add a rule to the policy. To start, click on Add Rule.

    1. Rule Name: describes what the rule does.

    2. [IF] Grant Type Is: select Authorization Code only, since that is the only grant type enabled on our application.
    3. [And] User Is: the rule can apply to specific groups or users. In our example, it applies to all users in the org; in production, restrict it to the group assigned to the application.
    4. [And] Scope Requested: allow any scope for now, since we have not defined any custom scopes in our application. This becomes useful if you want to limit users to, for example, 'View Development Only' for developers while granting 'Access Management' to project owners.
    5. [Then] Access Token lifetime is: how long an issued access token stays valid before the user must log in again, or before a refresh token is used to obtain a new one. OKTA only issues refresh tokens if the Refresh Token grant type is enabled on the application and permitted by the rule, which the settings above do not do; Anypoint Platform manages its own session on the backend.
    6. Click on Create Rule.
  5. Your Authorization Server in OKTA is complete, but we still need to configure Anypoint Platform to use it.

Set up Identity Provider in Anypoint Platform

  1. Go back to the External Identity page in Anypoint Platform. Fill in the form by copying the values from your application and authorization server in OKTA.

    1. Client ID: in OKTA, open the application we just created, go to the General tab, and copy the Client ID at the bottom.

    2. Client Secret: on the same General tab, copy the Client Secret at the bottom. Treat it as a credential: anyone holding it together with a stolen authorization code can obtain tokens for your users, so do not paste it into tickets, chat, or source control.

    3. OpenID Connect Authorization URLs: you can get these values in OKTA from API -> Authorization Servers -> click the authorization server we just created -> click the Metadata URI. The fields on the Anypoint form map to the metadata document as follows:

      1. OpenID Connect Issuer = issuer

      2. Authorize URL = authorization_endpoint

      3. Token URL = token_endpoint

      4. User Info URL: the OAuth 2.0 metadata document linked from the console does not list it, but the OpenID Connect discovery document for the same server ({issuer}/.well-known/openid-configuration) does, as userinfo_endpoint. You can also build it by following this format: https://dev-{id}.okta.com/oauth2/{authorization server id}/v1/userinfo
        example:
         https://dev-174353.okta.com/oauth2/aus1bpyllnQRZgYwt357/v1/userinfo

        For the standard OpenID Connect and OAuth 2.0 endpoints, see: https://developer.okta.com/docs/reference/api/oidc/#userinfo

      5. Click on Save.
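The mapping from the OKTA metadata document to the Anypoint External Identity form is easy to get wrong by hand (a stray trailing slash, an http URL, or an endpoint copied from a different authorization server). The following is an added example, not code from the article or from MuleSoft or OKTA: it reads an OpenID Connect discovery document, derives the four values the Anypoint form asks for (building the User Info URL from the issuer if the document omits it), and checks that every URL is https and sits under the issuer, and that the server actually offers the authorization code flow and the openid scope. The embedded discovery document is constructed with a hypothetical tenant and authorization server id; `fetch_discovery` can be pointed at a real issuer when online.

```python
"""Derive and sanity-check the Anypoint External Identity values from an
OKTA authorization server's OpenID Connect discovery document."""
import json
import urllib.request
from urllib.parse import urlparse

# Constructed sample discovery document, shaped like what OKTA serves at
# https://dev-{id}.okta.com/oauth2/{authServerId}/.well-known/openid-configuration
# (hypothetical domain and authorization server id, not a real tenant).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://dev-000000.okta.com/oauth2/aus0example",
    "authorization_endpoint": "https://dev-000000.okta.com/oauth2/aus0example/v1/authorize",
    "token_endpoint": "https://dev-000000.okta.com/oauth2/aus0example/v1/token",
    "userinfo_endpoint": "https://dev-000000.okta.com/oauth2/aus0example/v1/userinfo",
    "jwks_uri": "https://dev-000000.okta.com/oauth2/aus0example/v1/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "grant_types_supported": ["authorization_code", "implicit", "refresh_token"],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
})

# Anypoint form label -> discovery document key.
ANYPOINT_FIELDS = {
    "OpenID Connect Issuer": "issuer",
    "Authorize URL": "authorization_endpoint",
    "Token URL": "token_endpoint",
    "User Info URL": "userinfo_endpoint",
}


def load_sample() -> dict:
    """Return the constructed sample document as a fresh dict."""
    return json.loads(SAMPLE_DISCOVERY)


def fetch_discovery(issuer: str, timeout: float = 10.0) -> dict:
    """Download the discovery document for a live issuer (network required)."""
    if urlparse(issuer).scheme != "https":
        raise ValueError("issuer must be an https URL")
    url = issuer.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def anypoint_settings(discovery: dict) -> dict:
    """Map discovery fields onto the Anypoint External Identity form; if the
    document has no userinfo_endpoint, derive it from the issuer."""
    settings = {label: discovery.get(key) for label, key in ANYPOINT_FIELDS.items()}
    if not settings["User Info URL"] and settings["OpenID Connect Issuer"]:
        settings["User Info URL"] = settings["OpenID Connect Issuer"].rstrip("/") + "/v1/userinfo"
    return settings


def check_settings(discovery: dict, settings: dict) -> list:
    """Return a list of problems; an empty list means the values are safe to paste."""
    problems = []
    issuer = settings.get("OpenID Connect Issuer")
    if not issuer:
        return ["OpenID Connect Issuer is missing"]
    base = issuer.rstrip("/") + "/"
    for label, value in settings.items():
        if not value:
            problems.append(f"{label} is missing")
            continue
        if urlparse(value).scheme != "https":
            problems.append(f"{label} is not https: {value}")
        # Every endpoint must belong to the same authorization server as the issuer.
        if label != "OpenID Connect Issuer" and not value.startswith(base):
            problems.append(f"{label} is not under the issuer: {value}")
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("server does not support response_type=code")
    if "authorization_code" not in discovery.get("grant_types_supported", []):
        problems.append("authorization_code grant is not supported")
    if "openid" not in discovery.get("scopes_supported", []):
        problems.append("openid scope is not offered, so no ID token will be issued")
    return problems


if __name__ == "__main__":
    doc = load_sample()  # replace with fetch_discovery("https://dev-{id}.okta.com/oauth2/{id}")
    values = anypoint_settings(doc)
    for label, value in values.items():
        print(f"{label}: {value}")
    for problem in check_settings(doc, values):
        print("PROBLEM:", problem)
```

Run it against the real issuer once the authorization server exists and paste the printed values into the form only if no PROBLEM lines appear; a "not under the issuer" finding usually means an endpoint was copied from the org authorization server rather than the custom one created above.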

Creating OKTA Users

  1. Click on Users -> People -> Add Person. When creating a user, you can leave the group blank, since we assigned the application to Everyone earlier; if you restricted the application to a dedicated group instead, add the user to that group here.

That's it! You can now log in to Anypoint Platform with accounts created in OKTA by following this link: https://anypoint.mulesoft.com/accounts/login/{anypoint organization id}

example: https://anypoint.mulesoft.com/accounts/login/my-organization-43

Further Reading

Guide to Integrating OKTA OAuth 2.0 OIDC With Mulesoft API Anypoint Platform (Mule 4)

Topics:
mule ,anypoint platform ,okta ,integration ,identity provider

