Set up Okta

Prerequisites

You need the following in order to proceed with this tutorial: 

You can follow this tutorial to learn more about using the OIDC bridge with the MATTR Platform. If you’re experiencing any difficulties, contact us.

Setting up Okta

The steps for setting up Okta are listed below:

Step 1: Create app integrations

  1. Under Applications, click Create App Integration and select OIDC - OpenID Connect.

  2. Select Web Application as the Application Type and click Next.

  3. Give your app an App Integration Name; it can be any name of your choice.

  4. For Grant type, make sure Authorization code is checked under "Client acting on behalf of a user".

  5. Under Assignments, select "Allow everyone in your organisation to access" and click Save.

  6. Once the web application is created, the client ID, client secret and Okta domain are displayed on the next page.

Step 2: Add a user

  1. In the left navigation menu, select Directory → People, and click Add person.

  2. Enter the user information.

  3. Select I will set the password so that you can set the user's password yourself.

  4. Disable User must change password on first login.

Step 3: Assign the user to the app

  1. In the left navigation menu, select Applications → Applications, and click My Web App (the app created in Step 1).

  2. Under the Assignments tab, add the user that was created in Step 2.

https://www.datocms-assets.com/38428/1659590615-2022-08-01_18-58-49.png?auto=format

Create an OIDC Credential Issuer

Follow the tutorial to create an OIDC Credential Issuer. Use the domain, client ID and client secret from your Okta Web Application. Below is a sample request payload:

```json
{
    "credential": {
        "issuerDid": "{{didKeyID_issuer}}",
        "name": "MATTR Employee Credentials",
        "description": "Credential description",
        "context": [
            "https://www.w3.org/2018/credentials/v1",
            "https://schema.org",
            "https://www.w3.org/2018/credentials/examples/v1"
        ],
        "type": [
            "MATTREmployeeCredential"
        ]
    },
    "federatedProvider": {
        "url": "https://{{okta: domain}}.okta.com",
        "scope": [
            "openid",
            "profile",
            "email"
        ],
        "clientId": "{{okta: client_id}}",
        "clientSecret": "{{okta: client_secret}}"
    },
    "claimMappings": [
        {
            "oidcClaim": "name",
            "jsonLdTerm": "name"
        }
    ]
}
```

The response contains the id of the OIDC Credential Issuer within the MATTR Platform.

Take the federatedProvider's callbackUrl from the response and add it to the allowed sign-in redirect URIs of your Okta web application. To do this:

  • Go to Applications → Applications → My Web App,

  • then go to General Settings → Edit,

  • under Sign-in redirect URIs, click Add URI and add the callbackUrl value,

  • click Save.

https://www.datocms-assets.com/38428/1659337676-2022-08-01_19-07-29.png?auto=format
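The following is an added example, not code from MATTR's or Okta's documentation. It builds the issuer request body shown above from the Okta values, checks it for the mistakes that most often break the bridge (an unreplaced template placeholder, a non-HTTPS or unexpected provider URL, a missing openid scope, or a claim mapping whose OIDC claim is not released by any requested scope), and then confirms that the callbackUrl returned by the platform is registered on the Okta app by exact string comparison, which is how Okta matches sign-in redirect URIs. The helper names, the Okta domain pattern and the sample response are assumptions made for the example; the scope-to-claim table is the one defined in OpenID Connect Core 1.0, section 5.4.

```python
import re
from urllib.parse import urlparse

# Standard OpenID Connect scopes and the claims each one releases
# (OpenID Connect Core 1.0, section 5.4). "openid" itself releases no
# user-profile claims, so it is absent from this table.
OIDC_SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}

# Assumed pattern for Okta-hosted org domains; a custom Okta domain would
# need this check adjusted.
OKTA_DOMAIN_RE = re.compile(r"^[a-z0-9-]+\.(okta|oktapreview|okta-emea)\.com$")


def build_issuer_request(issuer_did, okta_domain, client_id, client_secret,
                         scopes=("openid", "profile", "email"),
                         claim_mappings=(("name", "name"),)):
    """Assemble the request body in the shape the tutorial's payload shows.
    okta_domain is the full host, e.g. dev-000000.okta.com (constructed)."""
    return {
        "credential": {
            "issuerDid": issuer_did,
            "name": "MATTR Employee Credentials",
            "description": "Credential description",
            "context": [
                "https://www.w3.org/2018/credentials/v1",
                "https://schema.org",
                "https://www.w3.org/2018/credentials/examples/v1",
            ],
            "type": ["MATTREmployeeCredential"],
        },
        "federatedProvider": {
            "url": f"https://{okta_domain}",
            "scope": list(scopes),
            "clientId": client_id,
            "clientSecret": client_secret,
        },
        "claimMappings": [
            {"oidcClaim": oidc, "jsonLdTerm": term} for oidc, term in claim_mappings
        ],
    }


def validate_issuer_request(body):
    """Return a list of problems; an empty list means the body looks sound."""
    problems = []
    fp = body["federatedProvider"]
    parsed = urlparse(fp["url"])
    if parsed.scheme != "https":
        problems.append("federatedProvider.url must use https")
    if not OKTA_DOMAIN_RE.match(parsed.netloc):
        problems.append(f"unexpected Okta domain: {parsed.netloc!r}")
    # Template markers such as {{okta: client_id}} left in place are a common slip.
    for key in ("url", "clientId", "clientSecret"):
        if "{{" in str(fp[key]):
            problems.append(f"federatedProvider.{key} still contains a template placeholder")
    if "openid" not in fp["scope"]:
        problems.append("scope must include 'openid' for an OIDC flow")
    # A mapped claim that no requested scope releases never reaches the
    # platform, so the issued credential would simply lack that attribute.
    released = set().union(*(OIDC_SCOPE_CLAIMS.get(s, set()) for s in fp["scope"]))
    for m in body["claimMappings"]:
        if m["oidcClaim"] not in released:
            problems.append(f"claim {m['oidcClaim']!r} is not covered by scopes {fp['scope']}")
    return problems


# Constructed sample of the creation response; only the fields the tutorial
# names (id and federatedProvider.callbackUrl) are relied on, and the values
# are placeholders, not a real tenant or issuer id.
SAMPLE_RESPONSE = {
    "id": "00000000-0000-0000-0000-000000000000",
    "federatedProvider": {
        "url": "https://dev-000000.okta.com",
        "callbackUrl": "https://tenant.example.com/ext/oidc/v1/issuers/"
                       "00000000-0000-0000-0000-000000000000/federated/callback",
    },
}


def callback_url_registered(response_body, okta_redirect_uris):
    """Okta compares sign-in redirect URIs exactly (scheme, host, path and any
    trailing slash), so the callbackUrl must appear in the list verbatim."""
    callback = response_body["federatedProvider"]["callbackUrl"]
    return callback in okta_redirect_uris, callback


if __name__ == "__main__":
    body = build_issuer_request("did:key:EXAMPLE_ISSUER", "dev-000000.okta.com",
                                "EXAMPLE_CLIENT_ID", "EXAMPLE_CLIENT_SECRET")
    print("problems:", validate_issuer_request(body) or "none")
    print("callback registered:", callback_url_registered(
        SAMPLE_RESPONSE, [SAMPLE_RESPONSE["federatedProvider"]["callbackUrl"]])[0])
```

Run the validation before sending the request; a placeholder that survives into clientSecret, or a claim mapping that the requested scopes cannot satisfy, fails silently at credential-issuance time rather than at creation time. The exact-match check on the callback URL is the reason the tutorial tells you to copy the value verbatim: a differing trailing slash or scheme is rejected by Okta as an unregistered redirect.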

Try it out

Follow the tutorial to generate a QR code and scan it with the MATTR Wallet app. The app will prompt for a username and password. Authenticate with the username and password of the user created previously, and you should be offered a Verifiable Credential.