Okta - OIDC

To use Okta as an IdP to authenticate into the Akeyless Platform via OIDC, follow the steps below.

Create an Okta application

  1. In your Okta account, go to Applications > Add Application > Create App Integration.

  2. For Sign-in method select OIDC - OpenID Connect and for Application type
    select Web Application and press Next.

  3. On the Settings page:
    a. For the Grant type, check Authorization Code.
    b. Set https://auth.akeyless.io/oidc/callback into the Sign-in redirect URIs.

  4. Once the OIDC app has been created, you need to obtain the Client ID, Client secret, and Okta domain; you will need them in the next step.

  5. In order to bind the Okta application with your Akeyless account, you need to create an OIDC Authentication Method using either the CLI or the UI, as described below.

Create an OIDC Authentication Method from the CLI

akeyless create-auth-method-oidc --name 'My Okta app' --issuer https://{your-okta-domain}.okta.com --client-id {your-client-id} --client-secret {your-client-secret} --unique-identifier {your-unique-identifier (e.g. 'email' or 'username')}
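Before binding the Okta application to Akeyless, it is worth checking that the issuer you pass to --issuer is the one Okta actually publishes and that the app settings from the steps above (Authorization Code grant, the exact Akeyless callback URI) line up. The following pre-flight check is an added example, not code from the Akeyless or Okta documentation; it works on a constructed copy of the issuer's OpenID discovery document (what https://{your-okta-domain}.okta.com/.well-known/openid-configuration returns) so it runs offline, and the Okta domain, endpoints and registered redirect URIs in it are assumed sample values.

```python
"""Pre-flight checks for an Okta OIDC issuer before running
`akeyless create-auth-method-oidc`. Added example; not part of Akeyless or Okta."""
import json
from urllib.parse import urlparse

# The redirect URI the page says must be registered in the Okta app.
AKEYLESS_CALLBACK = "https://auth.akeyless.io/oidc/callback"

# Constructed, abridged sample of an Okta discovery document.
# A real one is fetched from https://{your-okta-domain}.okta.com/.well-known/openid-configuration
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://dev-123456.okta.com",
    "authorization_endpoint": "https://dev-123456.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://dev-123456.okta.com/oauth2/v1/token",
    "jwks_uri": "https://dev-123456.okta.com/oauth2/v1/keys",
    "grant_types_supported": ["authorization_code", "implicit", "refresh_token"],
    "id_token_signing_alg_values_supported": ["RS256"],
})


def check_issuer_config(issuer: str, discovery_json: str) -> list:
    """Compare the issuer you intend to configure against the issuer's own
    discovery document. Returns a list of problems; an empty list means
    the configuration is consistent."""
    problems = []
    doc = json.loads(discovery_json)
    issuer = issuer.rstrip("/")

    # OIDC relies on TLS: an http:// issuer would let the ID token be swapped in transit.
    if urlparse(issuer).scheme != "https":
        problems.append("issuer must use https")

    # The discovery 'issuer' value must match byte-for-byte; a mismatch usually
    # means a typo in the Okta domain or the wrong authorization server.
    if doc.get("issuer") != issuer:
        problems.append(
            f"issuer mismatch: configured {issuer!r}, discovery says {doc.get('issuer')!r}")

    # The page configures the Authorization Code grant; the issuer must support it.
    if "authorization_code" not in doc.get("grant_types_supported", []):
        problems.append("authorization_code grant not supported by issuer")

    # Every endpoint the client will talk to should live under the issuer.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        endpoint = doc.get(key)
        if not endpoint or not endpoint.startswith(issuer + "/"):
            problems.append(f"{key} missing or not under issuer")

    return problems


def redirect_uri_registered(registered_uris: list, callback: str = AKEYLESS_CALLBACK) -> bool:
    """OIDC redirect URIs are matched exactly (scheme, host, path, no trailing
    slash tolerance), so the Akeyless callback must appear verbatim in the
    app's Sign-in redirect URIs list."""
    return callback in registered_uris


if __name__ == "__main__":
    # Constructed values standing in for your Okta org and app settings.
    issuer = "https://dev-123456.okta.com"
    registered = ["https://auth.akeyless.io/oidc/callback"]
    for p in check_issuer_config(issuer, SAMPLE_DISCOVERY):
        print("problem:", p)
    print("callback registered:", redirect_uri_registered(registered))
```

Run the checks against the real discovery document for your Okta domain (fetched over HTTPS) and the redirect URI list from your app's settings; only once both return clean should the --issuer value be passed to the CLI command above.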

Login with OIDC from Akeyless CLI

  1. Configure a new profile with the Access ID from the previous step and the OIDC access type (if no profile name is provided, the default profile is configured):
akeyless configure --access-id <your-access-id> --access-type oidc --profile 'okta-app'
  2. Now you can run any Akeyless CLI command and be authenticated with the Okta application:
akeyless list-items --profile okta-app