OpenID Connect Settings for Okta
This article describes settings that have been used successfully with OnGuard and Okta in order to use Okta as a third-party identity provider for OnGuard via the OpenID Connect protocol.
Note: Third-party settings may be different from those discussed here based on the specific third-party product or version in use, or other differences. The following settings are not guaranteed to work in all situations. Contact your third-party provider or refer to their documentation for details on using their service.
Procedure Steps
Okta Settings:
- The application must be added as the "Native iOS, Android" type.
- Allowed grant types must include the Authorization Code.
- Login redirect URIs must include the URI for Lenel Console for the specific OnGuard installation.
- Client authentication should be set to -- Use Client Authentication.
OnGuard Settings:
- Set the Base URL to https:///oauth2/default.
- Fill in the Client ID from the Client Credentials section in the Okta settings.
- If using Client authentication mode User Client authentication, fill in the Client Secret from the Client Credentials section in the Okta settings.
- Set Advanced > Additional Endpoints to https:///oauth2/v1/client, or uncheck Validate Endpoints.