Configure Okta PKCE client for SEM - Intergraph Smart Engineering Manager - 3.0 - Installation & Upgrade - Hexagon

Intergraph Smart Engineering Manager Web Installation and Configuration

  1. Log in to Okta using your usual sign-in.

  2. If you need to create a new group, do the following:

    1. On the Okta Directory tab, select Groups, and then click Add Group.

    2. Enter a group name and description and click Add group.

    3. Select the newly-created group and add users to it.

  3. Okta refers to Clients as Applications. Create an application as follows:

    1. Click the Applications tab.

    2. Select Applications.

      Okta_PKCE_01 - Applications

    3. Click Browse App Catalog.

    4. Click Create New App.

    5. For Sign-in method, select OIDC.

    6. For Application type, select Single-Page Application.

    7. Enter the application name using the syntax: {estateshortcode(vmprefix)-productid(appid)-sitename-authflow}

      For example:

      {semv3-sem-app-pkce}

      This is the Smart Cloud convention. Since SEM deals with multiple sites, instead of specifying a sitename, you can define it as an application.

  4. Under Grant type, select both check boxes: Authorization Code and Refresh Token:

    Okta_PKCE_02 - General Settings

  5. In the Login section, specify the URIs indicated below:

    Sign-in redirect URIs

    • http://localhost:8080/SEM3.0/

    • http://localhost:8080/sem3.0/_session.html

    • http://localhost:8080/sem3.0/login

    • http://localhost:8080/sem3.0/session-expired

    Sign-out redirect URIs

    • http://localhost:8080/SEM3.0/

    Use the hosted server's domain name in place of localhost in the above URIs.

  6. In the Assignments section, choose whether to assign the app integration to everyone in your organization or to one or more selected groups:

    Okta_PKCE_04 - Assignments

  7. Save all your changes.

    After saving, the following tabs should be available:

    • General

    • Sign On

    • Assignments

  8. Click the General tab and ensure that a value appears for Client ID and that Client authentication is set as Use PKCE:

    Okta_PKCE_05 - Verify Client Settings

    The ID you should enter is the one generated in the authentication server when you create an instance for the Web Client Backend.

  9. Click the Sign On tab and ensure that the sign-in and sign-out redirect URIs are shown correctly.

  10. Click the Assignments tab and check that the group assignments are correct.

  11. Assign the PKCE Application to the Auth Server as follows:

    1. Find an existing Auth Server or create a new one under Security > API.

    2. Select the Auth Server and navigate to Access Policies.

    3. Assign the PKCE Application that you created (for example sem-app-pkce):

      Okta_PKCE_06 - Assign PKCE App to Auth Server