Configuring OpenID Connect confidential client in Okta - HxGN EAM - 12.0.1 - Feature Briefs - Hexagon

HxGN EAM OpenID Connect


The following steps describe how to create an OpenID Connect client in Okta. Perform the setup from an administrator account in Okta.

  1. Access Okta with an Administrator account.

  2. Navigate to the Applications menu, and then click Create App Integration.

  3. In the wizard, select the OIDC radio button as the Sign-in method, select Native Application as the Application type, and then click Next.

  4. Provide the App Integration Name.

  5. In the Grant type section, select the Authorization Code and Resource Owner Password check boxes.

  6. In the Sign-in redirect URIs section, click Add URI and add a Redirect URI. This could be something like <protocol>://<eam-server>/axis/services/EWSConnector. In the authorization code grant flow of OpenID Connect, Okta redirects the browser to this URI after authentication, with the authorization code attached.

  7. In the Assignments section, select the appropriate option, and then click Save.

  8. Once the application is created, navigate to the General tab, and then in the Client Credentials section, click Edit.

  9. Select the Client Secret radio button, and then click Save. This will generate a new Client Secret.

    Note the Client ID and Client Secret generated.

  10. Clear the Require PKCE as additional verification check box.

  11. From the left menu, navigate to the API sub-menu under Security.

  12. Click Add Authorization Server.

  13. Provide values for Name, Audience, and Description, and then click Save.

  14. Navigate to the Claims tab.

  15. Click Add Claim to add the following claims:

    Name            | Include in token type | Value type | Value
    Identity2       | ID Token (Always)     | Expression | user.login
    email-id        | ID Token (Always)     | Expression | user.email
    UserDescription | ID Token (Always)     | Expression | user.fullName
    SecurityRole    | ID Token (Always)     | Expression | "EAM-Administrator"

    "EAM-Administrator" should be replaced with an appropriate EAM role name.

  16. Navigate to the Access Policies tab, and then click Add New Access Policy.

  17. Provide Name and Description, select the "The following clients" radio button, select the client application created at step 8, and then click Create Policy.

  18. Click Add rule, and then provide a rule name. Ensure that the Authorization Code and Resource Owner Password are selected, and then click Create Rule.

  19. Copy the Metadata URI from the Settings tab. This URI serves the metadata (issuer, endpoints, signing keys) that describes the OIDC configuration of this authorization server.

    See https://developer.okta.com/docs/reference/api/oidc/#endpoints for more details on Okta configuration.
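The procedure above leaves the relying party (the EAM side) responsible for two things the brief does not spell out: binding the authorization-code callback at the redirect URI (step 6) to the session that started it, and checking the ID token before trusting the custom claims from step 15. The following is an added example written for this page, not Hexagon's or Okta's code, and it assumes placeholder host names, client ID and secret, a constructed discovery document standing in for what the Metadata URI (step 19) returns, a constructed role list (`EAM_ROLES`), and an `openid email profile` scope. It signs the sample ID token with HS256 via the standard library so it runs offline; Okta signs ID tokens with RS256 using the keys published at `jwks_uri`, so a real deployment swaps `sign_hs256`/the HS256 check for RS256 verification against those keys and keeps every other check as written.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed stand-in for the discovery document served at the Metadata URI (step 19).
# Host name and authorization server ID are placeholders.
DISCOVERY = {
    "issuer": "https://example-org.okta.com/oauth2/aus_PLACEHOLDER",
    "authorization_endpoint": "https://example-org.okta.com/oauth2/aus_PLACEHOLDER/v1/authorize",
    "token_endpoint": "https://example-org.okta.com/oauth2/aus_PLACEHOLDER/v1/token",
}
CLIENT_ID = "0oa_PLACEHOLDER_CLIENT_ID"            # placeholder for the Client ID from step 9
CLIENT_SECRET = b"constructed-client-secret"       # placeholder for the Client Secret from step 9
REDIRECT_URI = "https://eam.example.test/axis/services/EWSConnector"  # step 6 pattern, placeholder host
EAM_ROLES = {"EAM-Administrator", "EAM-User"}      # constructed: roles SecurityRole may carry
REQUIRED_CLAIMS = ("Identity2", "email-id", "UserDescription", "SecurityRole")  # step 15

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_authorization_request(state: str, nonce: str) -> str:
    """Authorization-code request: state ties the callback to this browser session,
    nonce ties the ID token to this request."""
    params = {"client_id": CLIENT_ID, "response_type": "code", "scope": "openid email profile",
              "redirect_uri": REDIRECT_URI, "state": state, "nonce": nonce}
    return DISCOVERY["authorization_endpoint"] + "?" + urlencode(params)

def parse_callback(url: str, expected_state: str) -> str:
    """Extract the authorization code from the redirect back to REDIRECT_URI,
    rejecting callbacks whose state does not match the one we issued."""
    parsed = urlparse(url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback arrived at an unexpected redirect URI")
    query = parse_qs(parsed.query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    if "code" not in query:
        raise ValueError("authorization code missing: " + query.get("error", ["unknown"])[0])
    return query["code"][0]

def sign_hs256(payload: dict, key: bytes) -> str:
    """Constructed ID token. Okta uses RS256 with jwks_uri keys; HS256 with a shared
    secret is used here only so the example runs offline with the standard library."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(payload).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def validate_id_token(token: str, key: bytes, expected_nonce: str, now=None) -> dict:
    """Verify the signature and the standard iss/aud/exp/nonce checks, then map the
    custom claims from step 15 onto the fields an EAM login would need."""
    now = time.time() if now is None else now
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":          # pin the expected algorithm; never accept "none"
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    if claims.get("iss") != DISCOVERY["issuer"]:
        raise ValueError("issuer mismatch")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("audience mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    missing = [c for c in REQUIRED_CLAIMS if c not in claims]
    if missing:
        raise ValueError(f"missing EAM claims: {missing}")
    if claims["SecurityRole"] not in EAM_ROLES:
        raise ValueError(f"unknown SecurityRole {claims['SecurityRole']!r}")
    return {"user_id": claims["Identity2"], "email": claims["email-id"],
            "description": claims["UserDescription"], "role": claims["SecurityRole"]}

def demo() -> dict:
    """Walk one constructed login: request, callback, token check."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    build_authorization_request(state, nonce)
    code = parse_callback(f"{REDIRECT_URI}?code=constructed-code&state={state}", state)
    # Constructed ID token standing in for what the token endpoint would return for `code`.
    now = time.time()
    token = sign_hs256({"iss": DISCOVERY["issuer"], "aud": CLIENT_ID, "sub": "00u_PLACEHOLDER",
                        "iat": now, "exp": now + 3600, "nonce": nonce,
                        "Identity2": "jdoe", "email-id": "jdoe@example.test",
                        "UserDescription": "Jane Doe", "SecurityRole": "EAM-Administrator"},
                       CLIENT_SECRET)
    return validate_id_token(token, CLIENT_SECRET, nonce)

if __name__ == "__main__":
    print(demo())
```

The role check matters because step 15 sets SecurityRole to a fixed literal on the authorization server: any user who passes the access policy from steps 16 to 18 receives that role, so the policy's client and grant-type restrictions, together with the Assignments from step 7, are what actually limit who gets it.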