Setting Up OpenID Connect (OIDC) in Okta (Community)

View the original community article here

Last tested: Jul 21, 2020
 

1. Once logged into Okta, navigate to 'applications' tab
2. Click 'Add Application' option

3. Click the 'Create New App'

4. Ensure your new application has the 'OpenID Connect' option selected
5. Click 'create'

6. Name your application, and enter your Looker URI with /openidconnect added to the end of it (as described in our OIDC docs). Make sure you are NOT using the admin version of the URL!
7. Click 'Save'

8. Ensure you are in the 'General' tab of the new application

9. Scroll down to the bottom of the 'general' page and get your Client ID (which maps to the 'Identifier' field in Looker's Admin/OIDC page) and Client Secret (which maps to the 'Secret' field in Looker's Admin/OIDC page)

10. Fill out all the necessary fields in the Looker UI as per our OIDC documentation. Take special note of which 'scopes' are required ("The OpenID Connect requires the openid scope, but your OP will likely include other scopes, such as email, profile, and groups.) As shown in our docs, the information for Authorization URL, Token URL, and User Info URL would follow the following format, though you'd replace the last path specified with the respective information name ( /token for token and /userinfo for user info):

https://${yourOktaDomain}/oauth2/v1/authorize

Plain Text

12. Claim scopes as listed here: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
13. Please test your OIDC settings!