Okta - OIDC

To use Okta as an IdP for authenticating to the Akeyless Vault via OIDC, follow the steps below.

Create an Okta application

  1. In your Okta account, go to Applications > Add Application > Create App Integration.

  2. For Sign-in method select OIDC - OpenID Connect, for Application type select Web Application, and press Next.

  3. On the Settings page:
    a. For the Grant type, check Authorization Code.
    b. Add https://auth.akeyless.io/oidc/callback to the Sign-in redirect URIs.

  4. Once the OIDC app has been created, note its Client ID, Client secret, and Okta domain; they are needed in the next step.

  5. To bind the Okta application to your Akeyless Vault account, create an OIDC Authentication Method using either the CLI or the UI, as described below.

Create OIDC Authentication Method using Akeyless CLI

akeyless create-auth-method-oidc --name 'My Okta app' --issuer https://{your-okta-domain}.okta.com --client-id {your-client-id} --client-secret {your-client-secret} --unique-identifier {your-unique-identifier (e.g. 'email' or 'username')}

Login with OIDC via Akeyless CLI

  1. Configure a new profile with the Access ID from the previous step and the OIDC access type (if no profile name is provided, the default profile is configured):
akeyless configure --access-id <your-access-id> --access-type oidc --profile 'okta-app'
  2. You can now run any Akeyless CLI command and be authenticated through the Okta application:
akeyless list-items --profile okta-app
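The following POSIX shell script is an added example and is not part of the Akeyless documentation or CLI. It checks the Okta values before they reach the two CLI commands above (the auth-method creation and the profile configuration) and then builds those commands verbatim without running them, so it works offline. The issuer check enforces the form the page gives, https://{your-okta-domain}.okta.com, because the "iss" claim Okta puts in its tokens must match the configured issuer exactly; a stray trailing slash or a plain http scheme is a common reason an OIDC auth method silently fails. The domain dev-123456.okta.com, the client id, secret and access id values are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the Akeyless project's code): validate the Okta values,
# then build the exact akeyless commands used on this page without running them.
# All domain, client id/secret, unique identifier and access id values are
# placeholders supplied by the caller.

# --issuer must be the HTTPS Okta org URL with no path and no trailing slash,
# since Okta's "iss" claim has to match the configured issuer byte for byte.
check_issuer() {
  case "$1" in
    https://*/*) return 1 ;;          # a path or trailing slash will not match "iss"
    https://*.okta.com) return 0 ;;
    *) return 1 ;;                    # plain http, or not an Okta domain at all
  esac
}

# The unique identifier is a claim name such as email or username; reject empty
# values and whitespace, which the shell would split into extra CLI arguments.
check_unique_id() {
  case "$1" in
    "" | *[[:space:]]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build the create-auth-method-oidc command from the page (printed, not run).
# Caveat: a client secret passed on the command line lands in shell history and
# process listings; clear history after use or prefer a restricted session.
build_create_cmd() {
  name=$1; issuer=$2; client_id=$3; client_secret=$4; unique_id=$5
  check_issuer "$issuer" || { echo "invalid issuer: $issuer" >&2; return 1; }
  check_unique_id "$unique_id" || { echo "invalid unique identifier" >&2; return 1; }
  [ -n "$client_id" ] && [ -n "$client_secret" ] || { echo "client id/secret missing" >&2; return 1; }
  printf "akeyless create-auth-method-oidc --name '%s' --issuer %s --client-id %s --client-secret %s --unique-identifier %s\n" \
    "$name" "$issuer" "$client_id" "$client_secret" "$unique_id"
}

# Build the configure command for the login profile (step 1 of the login section).
# Without a profile name the page says the default profile is configured.
build_configure_cmd() {
  access_id=$1; profile=${2:-default}
  [ -n "$access_id" ] || { echo "access id missing" >&2; return 1; }
  printf "akeyless configure --access-id %s --access-type oidc --profile '%s'\n" "$access_id" "$profile"
}

# Usage with placeholder values (CLIENT_ID, CLIENT_SECRET, ACCESS_ID are yours):
#   build_create_cmd 'My Okta app' https://dev-123456.okta.com "$CLIENT_ID" "$CLIENT_SECRET" email
#   build_configure_cmd "$ACCESS_ID" okta-app
```

Run the built command only once the issuer check passes; if it rejects your value, fix the domain itself rather than adding a path, and keep the same issuer string in the Akeyless auth method and in the Okta application so the token's "iss" claim and the configured issuer agree.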