HashiConf More sessions have been added to the conference agenda. Buy your pass and plan your schedule. Register
Vault
Vault Home

Use Okta for OIDC authentication

[!IMPORTANT]
Documentation Update: Product documentation, which were located in this repository under /website, are now located in hashicorp/web-unified-docs, colocated with all other product documentation. Contributions to this content should be done in the web-unified-docs repo, and not this one. Changes made to /website content in this repo will not be reflected on the developer.hashicorp.com website.

  1. Make sure an Authorization Server has been created. The "Issuer" field shown on the Setting page will be used as the oidc_discovery_url.
  2. Visit Applications > Add Application (Web).
  3. Configure Login redirect URIs. Save.
  4. Save client ID and secret.

Note your policy will need oidc_scopes to include profile to get a full profile ("Fat Token"). You will also need to configure bound audience along the lines of "bound_audiences": ["api://default", "0a4........."] if you are using the default authorization server.

Edit this page on GitHub