- Log in to Okta using your usual sign-in.
- If you need to create a new group, do the following:
  - On the Okta Directory tab, select Groups, and then click Add Group.
  - Enter a group name and description and click Add group.
  - Select the newly-created group and add users to it.
- Okta refers to Clients as Applications. Create an application as follows:
  - Click the Applications tab.
  - Select Applications.
  - Click Browse App Catalog.
  - Click Create New App.
  - For Sign-in method, select OIDC.
  - For Application type, select Single-Page Application.
  - Enter the application name using the syntax: {estateshortcode(vmprefix)-productid(appid)-sitename-authflow}
    For example:
    {semv3-sem-app-pkce}
    This is the Smart Cloud convention. Because SEM deals with multiple sites, you can define it as an application instead of specifying a sitename.
- Under Grant type, select both check boxes: Authorization Code and Refresh Token.
- In the Login section, specify the URIs indicated below.
  Sign-in redirect URIs
  - http://localhost:8080/SEM3.0/
  - http://localhost:8080/sem3.0/_session.html
  - http://localhost:8080/sem3.0/login
  - http://localhost:8080/sem3.0/session-expired
  Sign-out redirect URIs
  - http://localhost:8080/SEM3.0/
  In the URIs above, use the hosted server as the domain name.
- In the Assignments section, choose whether to assign the app integration to everyone in your organization or to one or more selected groups.
- Save all your changes.
  After saving, the following tabs should be available:
  - General
  - Sign On
  - Assignments
- Click the General tab and ensure that a value appears for Client ID and that Client authentication is set to Use PKCE.
  The ID you should enter is the one generated in the authentication server when you create an instance for the Web Client Backend.
- Click the Sign On tab and ensure that the sign-in and sign-out redirect URIs are shown correctly.
- Click the Assignments tab and check that the group assignments are correct.
- Assign the PKCE Application to the Auth Server as follows:
  - Find an existing Auth Server or create a new one under Security > API.
  - Select the Auth Server and navigate to Access Policies.
  - Assign the PKCE Application that you created (for example, sem-app-pkce).
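
What a single-page application does with the settings above (Authorization Code grant, Use PKCE, registered redirect URIs), shown as an added example that is not part of the original procedure or the product's own code: it builds the authorization request with an S256 PKCE challenge as defined in RFC 7636. The `issuer`, `clientId` and `redirectUri` arguments are placeholders to be filled from the Auth Server, the General tab and the registered sign-in redirect URIs.

```javascript
// Added example: Authorization Code + PKCE request for an Okta SPA client.
// Browsers and recent Node expose Web Crypto globally; older Node needs the fallback.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Base64url without padding, the encoding RFC 7636 requires.
function base64url(bytes) {
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// code_verifier: 32 random bytes, which encode to 43 unreserved characters.
function newCodeVerifier() {
  return base64url(webCrypto.getRandomValues(new Uint8Array(32)));
}

// code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))) for method S256.
async function codeChallenge(verifier) {
  const data = new TextEncoder().encode(verifier);
  const digest = await webCrypto.subtle.digest("SHA-256", data);
  return base64url(new Uint8Array(digest));
}

// Build the /v1/authorize URL. All three arguments are placeholders (assumptions):
// issuer is the Auth Server's issuer URI, clientId comes from the General tab,
// and redirectUri must equal one registered sign-in redirect URI exactly.
async function buildAuthorizeRequest({ issuer, clientId, redirectUri }) {
  const verifier = newCodeVerifier();
  const state = newCodeVerifier(); // random value, compared on return (CSRF check)
  const url = new URL(`${issuer}/v1/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: "code",          // Authorization Code grant
    scope: "openid offline_access", // offline_access asks for a refresh token
    redirect_uri: redirectUri,
    state,
    code_challenge: await codeChallenge(verifier),
    code_challenge_method: "S256",
  }).toString();
  // The SPA keeps verifier and state (for example in sessionStorage) and sends
  // code_verifier with the later /v1/token request in place of a client secret.
  return { url: url.toString(), verifier, state };
}
```

If the redirect URI passed here differs from the registered value in case, path or trailing slash, the authorization server rejects the request, which is why the Sign On tab check above matters.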