To configure SEM Web API for authentication with Okta, you must run AuthenticationConfiguration_Okta.psi in PowerShell ISE using parameters shown in the example scripts below.
-
You must use Windows PowerShell (for 64-bit) and run it in Administration mode.
-
Values for [path] to the PostInstallation folder and for [host] and other values shown in italics should be replaced by your own values.
-
The groupName parameter is optional. If omitted, a default authorized group named "Intergraph Smart Engineering Manager: SEM: Admins" is added.
-
The script registers SEM Web API with Okta and updates the application configuration files with a new Service ID.
You must be an Okta Admin user with configuration permissions for the authentication server.
Register SEM Web API under default authentication server name
The default Okta Authentication Server name is sem001-sem-authserver-pkce.
powershell.exe -file "[path]\PostInstallation\AuthenticationConfiguration_Okta.ps1" -installationType "SEM_WebAPI" -oktaAdminManagementUrl "https://hexagonppm-admin.oktapreview.com" -oauthIssuerUrl "https://sandbox.intergraphsmartcloud.com" -api_key "00-YFa0y8NLpi9yOVeNtLAivxKraj2UgdeXTqlSMNV" -username "SEMAdminUser" -groupNames "SmartEngineeringManagerAdmin,Local Admin Users" -serviceUrl "https://[host]/webapi4.0/sem/v4" -clientUrl "https://[host]/sem4.0"
Register SEM Web API under custom application name and custom authentication server name
powershell.exe -file "[path]\PostInstallation\AuthenticationConfiguration_Okta.ps1" -installationType "SEM_WebAPI" -oktaAdminManagementUrl "https://hexagonppm-admin.oktapreview.com" -oauthIssuerUrl "https://sandbox.intergraphsmartcloud.com" -api_key "00-YFa0y8NLpi9yOVeNtLAivxKraj2UgdeXTqlSMNV" -username "SEMAdminUser" -groupNames "SmartEngineeringManagerAdmin,Local Admin Users" -serviceUrl "https://[host]/webapi4.0/sem/v4" -clientUrl "https://[host]/sem4.0" -customAppClientName "[custom_application_name]" -customAuthServerName "[custom_auth_server_name]"
Parameter |
Description |
oauthIssuerUrl |
URL of the Okta Authentication Server |
username |
Name of the registered Okta Admin user for logging in to the Authentication Server |
groupNames |
Names of one or more Okta user groups, separated by commas |
api_key |
Value of the Okta API token. For more information, see the section API token management in the Okta Help Center. |
serviceUrl |
Required Url for requesting the OData Description in Postman |
clientUrl |
Required Url for displaying the SEM Web Application in a browser. |