Okta specifications.

Creation order:

  • Scopes

  • Claims

  • Clients

...

Application Name

...

Type

...

Following the OAuth 2.0 standard, ModelOp Center requires the following Okta configurations for a successful integration:

  1. Custom scope

    1. modelop_client

  2. Applications

    1. gateway-service

    2. internal-client

    3. external-integration-client

    4. go-cli

Proposed Application ID

Application Type

Client Secret Required

Grant Type

Scope

Token Claim

Redirect URIs

gateway-service

WebApp

(C2B)

Web

  • Authorization Code

  • Refresh token. Note: Refresh token behavior - Use persistent token.

  • openid

  • profile

  • email

  • custom_scope

    • offline_access

    • email

    • family_name

    • given_name

    • groups

    Sign-in redirect URIs

    • <ModelOp Center URL>/login/oauth2/code/gateway-service

    Sign-out redirect URIs

    • <ModelOp Center URL>

    internal-client

    API

    (B2B)

    external-client

    WebApp - Native

    Implicit

    • modelop_client

    • email

    • family_name

    • given_name

    • groups

    Service

    • Client Credentials

    • modelop_client

    • email

    • family_name

    • given_name

    • idtyp

    external-integration-client
    (C2B)

    Native

    • Implicit (hybrid)

    • Authorization Code

      • Under “Client Credentials”, please select “Require PKCE as additional verification”

    • Refresh Token

    • openid

    • profile

    • email

    • offline_access

    • <ModelOp Center URL>/jupyterOauth2ImplicitGrant.html

    • <ModelOp Center URL>/modelOpWDC.html

    • https://oauth.powerbi.com/views/oauthredirect.html

    go-cli

    API

    (C2B)

    Native

    • Resource Owner Password

    • Refresh Token

    • modelop_client

    • openid

    • profile

    • email

    • family_name

    • given_name

    • groups

    • offline_access
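
The PKCE requirement on the external-integration-client Authorization Code grant, shown as an added example that is not part of the original page or ModelOp's code: the client derives an S256 code_challenge from a random code_verifier, and the token endpoint redeems the authorization code only for the matching verifier. The host name and client ID below are placeholders, and `server_accepts` is a hypothetical stand-in for the check the authorization server performs.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Placeholder values (assumptions); substitute the ones from your deployment.
MODELOP_CENTER_URL = "https://modelop.example.com"  # constructed host name
CLIENT_ID = "external-integration-client"  # placeholder; Okta issues the real client ID


def b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """32 random bytes give a 43-character verifier (RFC 7636 section 4.1)."""
    return b64url(secrets.token_bytes(32))


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorization_params(verifier: str, state: str) -> dict:
    """Query parameters the client sends with the authorization request."""
    return {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid profile email offline_access",
        "redirect_uri": f"{MODELOP_CENTER_URL}/modelOpWDC.html",
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    }


def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """Token-endpoint check: the presented verifier must hash to the stored challenge."""
    return hmac.compare_digest(stored_challenge, s256_challenge(presented_verifier))


if __name__ == "__main__":
    verifier = new_code_verifier()
    params = authorization_params(verifier, state=secrets.token_urlsafe(16))
    print(urlencode(params))
    print("client holding the verifier:", server_accepts(params["code_challenge"], verifier))
    print("different verifier:", server_accepts(params["code_challenge"], new_code_verifier()))
```

Because this client is a Native application, the verifier is the only proof that the party redeeming the code is the one that started the flow, so it should stay in memory for the duration of the login and never be logged.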

    ModelOp Center URL as a trusted origin

    For users to be redirected to ModelOp Center after login, the ModelOp Center URL has to be added as a trusted origin by following these steps:

    1. Open the Okta console

    2. Click the following tabs in the given order:

      1. Security

      2. API

      3. Trusted Origins

      4. Add origin

        1. Origin name: ModelOp Center

        2. Origin URL: <ModelOp Center URL>

        3. Choose Type:

          1. Cross-Origin Resource Sharing (CORS)

          2. Redirect

    Required User Attributes

    • Family name

    • Given name

    • User name

    • Email

    • Group(s)

    Okta Guide

    For instructions on how to create the custom modelop_client scope, please follow the Okta: How-to guide.