Set up OIDC on Okta
Complete the steps below to Configure OIDC on Okta. Begin by first adding an OpenID application on Okta.
-
On the Okta Admin Console, select Applications > Applications.
-
Click Create App Integration.
-
Select Web application as the Application Type.
-
Set Assignments / Controlled Access according to your organization’s policies and Save the application.
-
Create the Prisma Cloud Config using the values listed below:
-
Client ID config element: Find this under General → Client Credentials. Use this value for Client ID.
-
Client Secret config element: Generate a new Client Secret and use this value. Make sure you note the expiration date and set up a scheduled refresh.
-
Issuer config element: Use “issuer” value from response to https://<okta tenant>/.well-known/openid-configuration (where <okta tenant> is your .okta.com unique tenant identifier).
-
Auth URI config element: Use “authorization_endpoint” from response to https://<okta tenant>/.well-known/openid-configuration. Apply this to https://<okta tenant>/oauth2/v1/authorize.
-
Token URI config element: Use “token endpoint” from response to https://<okta tenant>/.well-known/openid-configuration. Apply this to https://<okta tenant>/oauth2/v1/token.
-
JWK Set URI config element: Use “jwks uri” from response to https://<okta tenant>/.well-known/openid-configuration. Apply this to https://<okta tenant>/oauth2/v1/keys
You can also reference https://<okta tenant>/.well-known/openid-configuration/ for the config values above.
-