Manual Chapter : Configuring an Okta OAuth provider with discovery

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Manual Chapter

Configuring an Okta OAuth provider with discovery

Configure the Okta OAuth server and make a note of the OpenID URI to use for discovery.
OAuth Discover uses the global system DNS (not DNS resolvers) so you need to have configured a DNS remote lookup server using
System
Configuration
Device
DNS
to use discovery.
You can configure an Okta OAuth provider to obtain opaque tokens or JSON web tokens (JWTs) from an OAuth authorization server that supports them. When an OAuth provider supports discovery from a well-known endpoint, APM can discover JWTs and JSON web key (JWK) configurations from the provider.
Without discovery, you can still create token and key configurations in
Access
Federation
JSON Web Token
.
APM includes preconfigured providers named
AzureAD
(Azure Active Directory from Microsoft),
F5
(APM),
Facebook
,
Google
,
Okta
, and
Ping
(PingFederate from Ping Identity).
  1. On the Main tab, click
    Access
    Federation
    OAuth Client / Resource Server
    Provider
    .
    The Provider screen opens.
  2. Click
    Create
    .
  3. Type the
    Name
    for the provider.
  4. From the
    Type
    field, select
    Okta
    .
  5. Select the
    Trusted Certificate Authorities
    .
  6. Select
    Use Auto JWT
    .
  7. In the
    OpenID URI
    field, specify the OpenID URI of the server.
  8. Click
    Discover
    to fill in the remaining fields.
    This only works if you have configured a system DNS server in
    System
    Configuration
    Device
    DNS
    .
  9. Click
    Save
    .
    The new Okta OAuth provider displays on the Provider screen.