Last tested: Jul 21, 2020
- Once logged in to Okta, navigate to the 'Applications' tab
- Click the 'Add Application' option
- Click 'Create New App'
- Ensure your new application has the 'OpenID Connect' option selected
- Click 'Create'
- Name your application, and enter your Looker URI with /openidconnect added to the end of it (as described in our OIDC docs). Make sure you are NOT using the admin version of the URL!
- Click 'Save'
- Ensure you are in the 'General' tab of the new application
- Scroll down to the bottom of the 'general' page and get your Client ID (which maps to the 'Identifier' field in Looker's Admin/OIDC page) and Client Secret (which maps to the 'Secret' field in Looker's Admin/OIDC page)
- Fill out all the necessary fields in the Looker UI as per our OIDC documentation. Take special note of which 'scopes' are required ("The OpenID Connect requires the openid scope, but your OP will likely include other scopes, such as email, profile, and groups."). As shown in our docs, the information for Authorization URL, Token URL, and User Info URL would follow the following format, though you'd replace the last path specified with the respective information name (/token for token and /userinfo for user info):
  https://${yourOktaDomain}/oauth2/v1/authorize
- Claim scopes as listed here: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
- Please test your OIDC settings!
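A pre-flight check for the values used in the steps above, added here as an example and not taken from the original article or from Looker or Okta. The function name, the sample hostnames, and the two "admin URL" heuristics (an Okta host whose first label ends in `-admin`, a Looker path under `/admin`) are assumptions.

```python
from urllib.parse import urlsplit

# Okta endpoint paths, per the https://${yourOktaDomain}/oauth2/v1/authorize format above.
OKTA_PATHS = {
    "authorization_url": "/oauth2/v1/authorize",
    "token_url": "/oauth2/v1/token",
    "user_info_url": "/oauth2/v1/userinfo",
}


def looker_okta_oidc_settings(okta_domain, looker_url, scopes):
    """Return the values to enter in Okta and Looker; raise ValueError on a bad input."""
    okta_host = okta_domain.strip().lower()
    if not okta_host or "/" in okta_host or ":" in okta_host:
        raise ValueError("okta_domain must be a bare hostname (no scheme, port or path)")
    # Assumption: the Okta admin console host ends its first label with '-admin'.
    if okta_host.split(".")[0].endswith("-admin"):
        raise ValueError("okta_domain looks like the admin console host")

    looker = urlsplit(looker_url.strip())
    if looker.scheme != "https" or not looker.hostname:
        raise ValueError("looker_url must be an absolute https URL")
    if looker.query or looker.fragment:
        raise ValueError("looker_url must not carry a query string or fragment")
    path = looker.path.rstrip("/")
    # Assumption: Looker admin pages live under /admin and are not the base URI.
    if path == "/admin" or path.startswith("/admin/"):
        raise ValueError("looker_url points at an admin page, not the instance base URI")
    if not path.endswith("/openidconnect"):
        path += "/openidconnect"

    scope_list = scopes.split() if isinstance(scopes, str) else list(scopes)
    if "openid" not in scope_list:
        raise ValueError("the 'openid' scope is required")

    settings = {name: f"https://{okta_host}{p}" for name, p in OKTA_PATHS.items()}
    settings["redirect_uri"] = f"https://{looker.netloc}{path}"
    settings["scopes"] = " ".join(scope_list)
    return settings


if __name__ == "__main__":
    # Constructed sample values, not a real tenant or instance.
    sample = looker_okta_oidc_settings(
        "dev-000000.okta.com", "https://looker.example.com", "openid email profile groups"
    )
    for field, value in sample.items():
        print(f"{field}: {value}")
```
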
This content is subject to limited support.