Set up Okta
Prerequisites
You need the following in order to proceed with this tutorial:
Access to the MATTR VII APIs
A Decentralized Identifier (DID) is required to become an issuer
Install MATTR Wallet App to store the Verifiable Credentials
Familiarity with creating Verifiable Credentials will also help with troubleshooting
You can follow this tutorial to learn more about OpenID Credential Provisioning on the MATTR Platform. If you experience any difficulties, contact us.
Setting up Okta
The steps for setting up Okta are listed below:
Step 1: Create app integrations
Under Applications, click Create App Integrations and select OIDC - OpenID Connect.
Select Web Application as the Application Type and click Next.
Give your app an App Integration Name; it can be any name of your choice.
For Grant type, make sure "Client acting on behalf of a user" has Authorization code checked.
Under Assignments, select "Allow everyone in your organisation to access" and click Save.
Once the web application is created, the client ID, client secret and domain are displayed on the next page.
Step 2: Add a user
In the left navigation menu, select Directory → People, and click Add person.
Enter the user information
Select "I will set the password" so that you can set the password for the user yourself.
Disable "User must change password on first login".
Step 3: Assign the user to the app
In the left navigation menu, select Applications → Applications, and click the My Web App integration created in Step 1.
Under the Assignments tab, add the user that was created in Step 2.
Create an OpenID Credential Issuer
Follow the tutorial to create an OpenID Credential Issuer. Use the domain, client ID and secret from your Okta Web Application. Below is a sample request payload:
{
  "credential": {
    "issuerDid": "{{didKeyID_issuer}}",
    "name": "MATTR Employee Credentials",
    "description": "Credential description",
    "context": [],
    "type": [
      "MATTREmployeeCredential"
    ]
  },
  "federatedProvider": {
    "url": "https://{{okta: domain}}.okta.com",
    "scope": [
      "openid"
    ],
    "clientId": "{{okta: client_id}}",
    "clientSecret": "{{okta: client_secret}}"
  },
  "claimMappings": []
}
The response contains the id of the OpenID Credential Issuer within the MATTR Platform.
Take the federatedProvider's callbackUrl from the response, and copy it to the allowed sign-in redirect URIs in your Okta web application. To do this:
Go to Applications → Applications → My Web App.
Go to General Settings → Edit.
Under Sign-in redirect URIs, click Add URI and add the callbackUrl value.
Click Save.
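The following is an added example, not code from MATTR or Okta: it builds the request payload shown above from values supplied at run time and checks the returned callbackUrl before it is registered as a sign-in redirect URI in Okta. The function names, the sample response (including its host and path) and the expected_host parameter are assumptions made for illustration; the response is assumed to nest callbackUrl under federatedProvider as described above.

```python
import json
import re
from urllib.parse import urlsplit

PLACEHOLDER = re.compile(r"\{\{.*?\}\}")  # an unfilled {{...}} template variable
DNS_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")
# Constructed sample response (hypothetical tenant host and path) for offline use.
SAMPLE_RESPONSE = '{"id": "constructed-id", "federatedProvider": {"callbackUrl": "https://tenant.example.com/callback"}}'


def build_issuer_payload(issuer_did, okta_domain, client_id, client_secret):
    """Build the tutorial's request body, rejecting unfilled or malformed values."""
    fields = {"issuerDid": issuer_did, "domain": okta_domain,
              "clientId": client_id, "clientSecret": client_secret}
    for name, value in fields.items():
        if not value or PLACEHOLDER.search(value):
            raise ValueError(f"{name} is empty or still a template placeholder")
    # The page's URL form is https://<domain>.okta.com, so accept one DNS label only.
    if not DNS_LABEL.fullmatch(okta_domain):
        raise ValueError("okta_domain must be a single DNS label")
    return {
        "credential": {
            "issuerDid": issuer_did,
            "name": "MATTR Employee Credentials",
            "description": "Credential description",
            "context": [],
            "type": ["MATTREmployeeCredential"],
        },
        "federatedProvider": {
            "url": f"https://{okta_domain}.okta.com",
            "scope": ["openid"],
            "clientId": client_id,
            "clientSecret": client_secret,  # load from env or a vault, not a file
        },
        "claimMappings": [],
    }


def extract_callback_url(response_body, expected_host):
    """Return federatedProvider.callbackUrl only if it is safe to register in Okta."""
    url = json.loads(response_body)["federatedProvider"]["callbackUrl"]
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("callbackUrl must use https")
    if parts.hostname != expected_host:
        raise ValueError(f"callbackUrl host {parts.hostname!r} is not {expected_host!r}")
    if parts.fragment or "*" in url:
        raise ValueError("redirect URI must be exact: no fragment, no wildcard")
    return url
```

Pass the host of your own MATTR tenant as expected_host, and register only the URL the function returns.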
Try it out
Follow the tutorial to generate a QR Code and scan the QR Code using the MATTR Wallet app. The app will prompt for the user name and password. Authenticate using the username and password for the user that was created previously; you should then be offered a Verifiable Credential.