Okta/SSO #1750
Replies: 4 comments
-
Implementing Auth0 would be pretty involved but not impossible. The original intent with not using Auth0 was to not exclude users in regions where Auth0 is not supported.
-
Revisiting this, FWIW, Okta is working as an OpenID option, I can write a guide soon.
-
That would be awesome. I am happy to be a tester.
-
A very quick guide while it's still fresh:

I started with a fresh trial account, and added one user besides myself. You can set up the app with Okta CLI but you can also do this through Okta's dashboard. I used the CLI.

For the CLI, you need an API key. You can create one via Security > API > Tokens

While we're here, we also need to make sure our Authorization Server has an Access Policy. Unless you are well familiar with this, this is what I did with the default server:

Back to the CLI

Start terminal from project directory. Assuming you already have an account, run

It should save an Okta application configuration has been written to: /home/danny/LibreChat/.okta.env

```
export OKTA_OAUTH2_ISSUER="https://trial-ID.okta.com/oauth2/default"
export OKTA_OAUTH2_CLIENT_ID="someID"
export OKTA_OAUTH2_CLIENT_SECRET="someSECRET"
```

Now, in our LibreChat .env file, we use these values like this:

```
# OKTA TEST
OPENID_CLIENT_ID=someID
OPENID_CLIENT_SECRET=someSECRET
OPENID_ISSUER=https://trial-ID.okta.com/oauth2/default
OPENID_SESSION_SECRET=secret # you can change this to whatever you'd like, should be some "secret" value
OPENID_SCOPE="openid profile email"
OPENID_CALLBACK_URL=/oauth/openid/callback
```

In our LibreChat .env file, double check these values correspond to your deployment URL:

```
DOMAIN_CLIENT=http://localhost:3080
DOMAIN_SERVER=http://localhost:3080
```

By default the Okta CLI creates an app that assigns to all users. You may need to review all the bells & whistles Okta offers for this and adjust to your needs.

That's it! You should be able to log in with Okta now.
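A check for the `.env` values from the guide above, as an added example that is not part of the original post or of LibreChat's code: it flags placeholder or short secrets, a non-https issuer and a plain-http redirect URI, and returns the redirect URI to compare against the one registered in Okta. It assumes the redirect URI is `DOMAIN_SERVER` + `OPENID_CALLBACK_URL`; the function names, the placeholder list and the 32-character minimum are choices made for this example.

```python
import re
from urllib.parse import urlsplit

REQUIRED = ("OPENID_CLIENT_ID", "OPENID_CLIENT_SECRET", "OPENID_ISSUER",
            "OPENID_SESSION_SECRET", "OPENID_SCOPE", "OPENID_CALLBACK_URL")
PLACEHOLDERS = {"secret", "someid", "somesecret", "changeme"}  # example list
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def parse_env(text):
    """Parse KEY=VALUE lines; drop `export`, quotes and a trailing ` # comment`."""
    env = {}
    for line in text.splitlines():
        m = re.match(r'\s*(?:export\s+)?([A-Z0-9_]+)=(.*)$', line)
        if m:
            value = re.sub(r'\s+#.*$', '', m.group(2)).strip()
            env[m.group(1)] = value.strip('"\'')
    return env

def lint(env):
    """Return (findings, redirect_uri) for the parsed settings."""
    findings = [f"{k} is missing" for k in REQUIRED if not env.get(k)]
    for key in ("OPENID_CLIENT_ID", "OPENID_CLIENT_SECRET", "OPENID_SESSION_SECRET"):
        if env.get(key, "").lower() in PLACEHOLDERS:
            findings.append(f"{key} is still a placeholder value")
    # 32 characters is a threshold chosen for this example.
    if 0 < len(env.get("OPENID_SESSION_SECRET", "")) < 32:
        findings.append("OPENID_SESSION_SECRET is shorter than 32 characters")
    if env.get("OPENID_ISSUER") and urlsplit(env["OPENID_ISSUER"]).scheme != "https":
        findings.append("OPENID_ISSUER is not an https URL")
    if "openid" not in env.get("OPENID_SCOPE", "").split():
        findings.append("OPENID_SCOPE does not include 'openid'")
    # Assumption: the redirect URI is DOMAIN_SERVER + OPENID_CALLBACK_URL.
    redirect = env.get("DOMAIN_SERVER", "").rstrip("/") + env.get("OPENID_CALLBACK_URL", "")
    parts = urlsplit(redirect)
    if parts.scheme == "http" and parts.hostname not in LOCAL_HOSTS:
        findings.append("redirect URI uses plain http on a non-local host")
    return findings, redirect

# Constructed sample mirroring the values in the guide above.
SAMPLE = '''
OPENID_CLIENT_ID=someID
OPENID_CLIENT_SECRET=someSECRET
OPENID_ISSUER=https://trial-ID.okta.com/oauth2/default
OPENID_SESSION_SECRET=secret # should be some "secret" value
OPENID_SCOPE="openid profile email"
OPENID_CALLBACK_URL=/oauth/openid/callback
DOMAIN_SERVER=http://localhost:3080
'''
if __name__ == "__main__":
    findings, redirect = lint(parse_env(SAMPLE))
    print("Redirect URI to compare with Okta:", redirect)
    print("\n".join(findings) or "no findings")
```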
-
Great tool, the team is having a lot of fun with it!! We got everything working with Azure AD.
Any thoughts on a more generic SSO implementation that could support any auth platform? i.e. Okta (our particular use case)?