# Okta SSO for Bare Metal

> Connect Bare Metal to enable streamlined access, monitoring, or search of enterprise data using secure and scalable integrations.

## Update conf/openmetadata.yaml

Open the `openmetadata.yaml` file and use the following example as a reference. Replace the placeholder values with the details generated during your Okta account and application credentials setup.

For more information about the environment variables, see [here](/v1.12.x/deployment/security/configuration-parameters).

<Tabs>
  <Tab title="implicit">
    ```
    # Implicit Flow
    authorizerConfiguration:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      adminPrincipals:                                          # Your `name` from name@domain.com
        - "admin"
        - "user1"
        - "user2"
      principalDomain: "open-metadata.org"                      # Update with your domain: the primary domain for the organization (your domain.com from name@domain.com).
    authenticationConfiguration:
      provider: "okta"
      publicKeyUrls:
        - "{ISSUER_URL}/v1/keys"
        - "{your domain}/api/v1/system/config/jwks" # Update with your domain, and make sure this "/api/v1/system/config/jwks" entry is always configured to enable JWT tokens
      authority: "{ISSUER_URL}"
      clientId: "{Client ID}"
      callbackUrl: "http://localhost:8585/callback"
      clientType: "public"
    ```
  </Tab>

  <Tab title="authcode">
    ```
    # Auth Code Flow
    authorizerConfiguration:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      adminPrincipals:                                          # Your `name` from name@domain.com
        - "admin"
        - "user1"
        - "user2"
      principalDomain: "open-metadata.org"                      # Update with your domain: the primary domain for the organization (your domain.com from name@domain.com).
    authenticationConfiguration:
      provider: "okta"
      publicKeyUrls:
        - "{ISSUER_URL}/v1/keys"
        - "{your domain}/api/v1/system/config/jwks"             # Update with your domain, and make sure this "/api/v1/system/config/jwks" entry is always configured to enable JWT tokens
      authority: "{ISSUER_URL}"                                 # Update Okta Issuer URL
      clientId: "{Client ID}"                                   # Update Okta Client ID
      callbackUrl: "http://localhost:8585/callback"
      clientType: "confidential"
      oidcConfiguration:
        id: "{Client ID}"                                       # Update your Okta Client ID
        type: "okta"
        secret: "{Client Secret}"                               # Update with Okta Client Secret
        discoveryUri: "{ISSUER_URL}/.well-known/openid-configuration"      # Update your Issuer URL
        callbackUrl: "http://localhost:8585/callback"
        serverUrl: "http://localhost:8585"
    ```
  </Tab>
</Tabs>
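
An added example, not part of the OpenMetadata documentation or code base: a lint for the `authenticationConfiguration` block shown in the tabs above, run on the already-parsed YAML. The checks (leftover `{...}` placeholders, malformed URLs, the `/api/v1/system/config/jwks` entry, and `oidcConfiguration` agreeing with `clientId` and `callbackUrl` for a confidential client) are assumptions drawn from the samples on this page; `lint_auth`, `SAMPLE` and the issuer host are hypothetical.

```python
import re
from urllib.parse import urlparse

PLACEHOLDER = re.compile(r"\{[^{}]+\}")    # e.g. "{ISSUER_URL}", "{Client ID}"
JWKS_PATH = "/api/v1/system/config/jwks"   # entry the page says must always be configured
URL_KEYS = {"authority", "callbackUrl", "discoveryUri", "serverUrl", "publicKeyUrls"}

def lint_auth(cfg):
    """Return findings for a parsed openmetadata.yaml dict; an empty list means clean."""
    findings = []
    auth = cfg.get("authenticationConfiguration") or {}
    oidc = auth.get("oidcConfiguration") or {}
    def walk(node, path, key=None):
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, f"{path}.{k}", k)
        elif isinstance(node, list):
            for i, v in enumerate(node):
                walk(v, f"{path}[{i}]", key)
        elif isinstance(node, str) and PLACEHOLDER.search(node):
            findings.append(f"{path}: placeholder not replaced")
        elif isinstance(node, str) and key in URL_KEYS:
            u = urlparse(node)
            # Catches a missing scheme, a doubled scheme and stray quote characters.
            if u.scheme not in ("http", "https") or not u.hostname \
                    or '"' in node or "://" in u.netloc + u.path:
                findings.append(f"{path}: malformed URL")
    walk(auth, "authenticationConfiguration")
    if not any(str(u).endswith(JWKS_PATH) for u in auth.get("publicKeyUrls") or []):
        findings.append(f"publicKeyUrls: no entry ending in {JWKS_PATH}")
    if auth.get("clientType") == "confidential":
        for field in ("id", "secret", "discoveryUri"):
            if not oidc.get(field):
                findings.append(f"oidcConfiguration.{field}: missing for confidential client")
        for a_key, o_key in (("clientId", "id"), ("callbackUrl", "callbackUrl")):
            if oidc.get(o_key) != auth.get(a_key):
                findings.append(f"oidcConfiguration.{o_key}: differs from {a_key}")
    return findings

# Constructed sample (hypothetical issuer host) with typical copy/paste mistakes.
OKTA = "https://dev-000000.okta.example/oauth2/default"
SAMPLE = {"authenticationConfiguration": {
    "provider": "okta", "clientType": "confidential", "clientId": "{Client ID}",
    "publicKeyUrls": [OKTA + "/v1/keys"], "authority": OKTA,
    "callbackUrl": "http://localhost:8585/callback",
    "oidcConfiguration": {
        "id": "{Client ID}", "type": "okta", "secret": "constructed-secret",
        "discoveryUri": "http://" + OKTA + "/.well-known/openid-configuration",
        "callbackUrl": "http://localhost:8585/callback", "serverUrl": "http://localhost:8585"}}}
```

Pass `lint_auth` the dict a YAML parser returns for `openmetadata.yaml`, for example PyYAML's `yaml.safe_load`.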

## Configure Ingestion

Once your server security is set, it's time to review the ingestion configuration. Our bots support JWT tokens
to authenticate to the server when sending requests.

Find more information on [**Enabling JWT Tokens**](/deployment/security/enable-jwt-tokens) and [**JWT Troubleshooting**](/deployment/security/jwt-troubleshooting) to ensure seamless authentication.

<CardGroup cols={1}>
  <Card title="OKTA" href="/v1.12.x/deployment/security/okta">
    Go to Okta Configuration
  </Card>
</CardGroup>
