Okta SSO for Bare Metal

Update conf/openmetadata.yaml

In openmetadata.yaml file and use the following example as a reference. Replace the placeholder values with the details generated during your Okta account and application credentials setup. Check the more information about environment variable here.

implicit
authcode

# Implicit Flow
authorizerConfiguration:
  className: "org.openmetadata.service.security.DefaultAuthorizer"
  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
  adminPrincipals:                                          # Your `name` from name@domain.com
    - "admin"
    - "user1"
    - "user2"
  principalDomain: "open-metadata.org"                      # Update with your Domain,The primary domain for the organization (your domain.com from name@domain.com).
authenticationConfiguration:
  provider: "okta"
  publicKeyUrls:
    - "{ISSUER_URL}/v1/keys"
    - "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
  authority: "{ISSUER_URL}"
  clientId: "{Client ID}"
  callbackUrl: "http://localhost:8585/callback"
  clientType: "public"

# Auth Code Flow
authorizerConfiguration:
  className: "org.openmetadata.service.security.DefaultAuthorizer"
  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
  adminPrincipals:                                          # Your `name` from name@domain.com
    - "admin"
    - "user1"
    - "user2"
  principalDomain: "open-metadata.org"                      # Update with your Domain,The primary domain for the organization (your domain.com from name@domain.com).
authenticationConfiguration:
  provider: "okta"
  publicKeyUrls:
    - "{ISSUER_URL}/v1/keys"
    - "{your domain}/api/v1/system/config/jwks"             # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
  authority: "{ISSUER_URL}"                                 # Update Okta Issuer URL
  clientId: "{Client ID}"                                   # Update Okta Client ID
  callbackUrl: "http://localhost:8585/callback"
  clientType: "confidential"
  oidcConfiguration:
    id: "{Client ID}"                                       # Update you Okta Client ID
    type: "okta"
    secret: "{Client Secret}"                               # Update with Okta Client Secret
    discoveryUri: "http://{ISSUER_URL}/.well-known/openid-configuration"      # Update your Issuer URL
    callbackUrl: http://localhost:8585/callback"
    serverUrl: "http://localhost:8585"

Configure Ingestion

Once your server security is set, it’s time to review the ingestion configuration. Our bots support JWT tokens to authenticate to the server when sending requests. Find more information on Enabling JWT Tokens and JWT Troubleshooting to ensure seamless authentication.

OKTA

Go to okta Configuration

Deployment

Okta SSO for Bare Metal | Official Documentation

Okta SSO for Bare Metal

Update conf/openmetadata.yaml

Configure Ingestion

OKTA

Deployment

​Okta SSO for Bare Metal

​Update conf/openmetadata.yaml

​Configure Ingestion

OKTA

Okta SSO for Bare Metal

Update conf/openmetadata.yaml

Configure Ingestion