OneLogin
Follow these guidelines to configure OneLogin as an OAuth 2.0 provider for your instance of IDE Services.
Prerequisites
You have a valid Okta account.
You have created an application.yaml file to configure your IDE Services Server.
Add IDE Services to OneLogin
Start by configuring a custom OIDC connector so that IDE Services can use OneLogin as an authentication provider.
Open the OneLogin portal in your browser and log in using your OneLogin account.
From the main menu, select Applications | Applications.
Click Add App.
In the search field, start typing OpenId Connect and select this application.
Specify IDE Services as an application name and click Save.
On the Configuration tab, specify the callback endpoint to which the end user is redirected in the Redirect URIs field:
http://<ide_services_server_domain.com>/api/login/authenticated
On the SSO tab, select POST in the Authentication Method field.
Copy and save the Client ID and Client Secret values. You will need them for configuring application.yaml.
Save the resulting configuration.
Configure OneLogin in application.yaml
After adding IDE Services to OneLogin, you need to configure your application.yaml file and specify the OAuth 2.0 provider properties there:
- login-url
Provide a URL for logging in via OneLogin.
You can obtain this URL from the Well-known configuration on the OneLogin portal. Open the application details, go to the SSO tab and click the Well-known Configuration link. Alternatively, you can request the Well-known configuration at
https://<your_OneLogin_domain>.onelogin.com/oidc/2/.well-known/openid-configuration
- token-url
Provide a URL for obtaining an authorization token on OneLogin's side.
You can obtain this URL from the Well-known configuration on the OneLogin portal. Open the application details, go to the SSO tab and click the Well-known Configuration link. Alternatively, you can request the Well-known configuration at
https://<your_OneLogin_domain>.onelogin.com/oidc/2/.well-known/openid-configuration
- jwt-certs-url
Specify a URL to the JSON Web Key (JWK) set that is used to validate JSON Web Tokens (JWT).
You can obtain this URL from the Well-known configuration on the OneLogin portal. Open the application details, go to the SSO tab and click the Well-known Configuration link. Alternatively, you can request the Well-known configuration at
https://<your_OneLogin_domain>.onelogin.com/oidc/2/.well-known/openid-configuration
- client-id
Specify the public identifier for IDE Services used in OneLogin.
- client-secret
Specify the client secret for IDE Services used in OneLogin.
- required-scopes
Set the value to [ "profile", "email", "openid"].
- login-url-prompt-param
Defines whether the user should be prompted with a login dialog. Specify one of the following values:
login: use this value to show the login dialog to the user.
none: use this value to skip showing the login dialog to the user.
- root-admin-emails
List emails of users that will receive admin rights.
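The following added example (not part of the IDE Services or OneLogin documentation) derives login-url, token-url and jwt-certs-url from the Well-known configuration and checks the document before the values go into application.yaml. It assumes these properties correspond to the standard OIDC discovery fields authorization_endpoint, token_endpoint and jwks_uri, and that the POST authentication method is advertised as client_secret_post; the sample document and its endpoint paths are constructed, and the output is a flat list of properties that does not reproduce the nesting of application.yaml.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

REQUIRED_SCOPES = ["profile", "email", "openid"]  # value given on this page
# Assumed mapping from application.yaml properties to standard OIDC discovery fields.
FIELD_MAP = {
    "login-url": "authorization_endpoint",
    "token-url": "token_endpoint",
    "jwt-certs-url": "jwks_uri",
}

def fetch_discovery(onelogin_domain):
    """Download the Well-known configuration for <onelogin_domain>.onelogin.com."""
    url = f"https://{onelogin_domain}.onelogin.com/oidc/2/.well-known/openid-configuration"
    with urlopen(url, timeout=10) as resp:
        return json.load(resp)

def provider_properties(discovery):
    """Return the URL properties, rejecting a document that looks wrong."""
    issuer_host = urlsplit(discovery["issuer"]).hostname
    props = {}
    for prop, field in FIELD_MAP.items():
        parts = urlsplit(discovery[field])
        if parts.scheme != "https":
            raise ValueError(f"{field} is not HTTPS: {discovery[field]}")
        if parts.hostname != issuer_host:
            raise ValueError(f"{field} host differs from issuer {issuer_host}")
        props[prop] = discovery[field]
    missing = set(REQUIRED_SCOPES) - set(discovery.get("scopes_supported", []))
    if missing:
        raise ValueError(f"provider does not advertise scopes: {sorted(missing)}")
    if "client_secret_post" not in discovery.get("token_endpoint_auth_methods_supported", []):
        raise ValueError("provider does not advertise client_secret_post (POST)")
    props["required-scopes"] = REQUIRED_SCOPES
    return props

# Constructed sample document (example.onelogin.com is a placeholder tenant).
SAMPLE = {
    "issuer": "https://example.onelogin.com/oidc/2",
    "authorization_endpoint": "https://example.onelogin.com/oidc/2/auth",
    "token_endpoint": "https://example.onelogin.com/oidc/2/token",
    "jwks_uri": "https://example.onelogin.com/oidc/2/certs",
    "scopes_supported": ["openid", "profile", "email", "groups"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
}

if __name__ == "__main__":
    for key, value in provider_properties(SAMPLE).items():
        print(f"{key}: {json.dumps(value)}")
```

To run it against a real tenant, pass the result of fetch_discovery("<your_OneLogin_domain>") to provider_properties instead of SAMPLE.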