Skip to content
Keboola User Documentation
Data Apps

Okta

This document will guide you through the steps needed to set up the OpenID Connect (OIDC) protocol for Keboola apps, specifically for use on Okta.

Step 1: Create a new OAuth 2.0 Client ID in Okta

Section titled “Step 1: Create a new OAuth 2.0 Client ID in Okta”

Follow these steps to create a new OAuth 2.0 client ID in Okta:

  1. Go to the Okta Admin Console
  2. Click Applications and then click Applications again.
  3. Click Create App Integration.
  4. Select OIDC - OpenID Connect as the sign-in method.
  5. Choose Web application as the application type.
  6. Give your web app integration a name, for example, “Streamlit OIDC Demo”.
  7. You do not have your sign-in redirect URI yet; you’ll need to create an app in Keboola first.
  8. Click Save to finish.

Step 2: Configure Your App in Keboola

Section titled “Step 2: Configure Your App in Keboola”

Follow these steps to set up a new app in Keboola:

  1. Go to your Keboola project
  2. Click Apps.
  3. Create a new app by clicking the green + button.
  4. Give your app a name and click Create App to create the app.

Step 3: Configure the Authentication Method for Your App

Section titled “Step 3: Configure the Authentication Method for Your App”

Follow these steps to set up the authentication method for your app:

  1. Go to the newly created app
  2. Click the Information & Settings tab.
  3. Under Authentication, select OIDC and then Generic OIDC.
  4. Copy the client ID from your Okta application to the Client ID field in Keboola.
  5. Copy the client secret from your Okta application to the Client secret field in Keboola.
  6. In the Issuer URL field, enter https://<yourOktaOrg>.okta.com/oauth2/default. This is the correct issuer URL for Okta OIDC setup.
  7. Click Save to apply the changes.
Section titled “Step 4: Configure Your App’s Consent Screen in Okta”

Follow these steps to set up your app’s consent screen in Okta:

  • Go to the Okta Admin Console and open your web app integration.
  • Enter the sign-in redirect URIs back to your app.
    Make sure to add /_proxy/callback to the end of your redirect URL.
    This is how Keboola will send the authentication response to your app. The format of the redirect URL is as follows: https://<dataAppId>.hub.<keboolaConnectionHost>/_proxy/callback (e.g., https://okta-oidc-data-app-1234567890.hub.north-europe.azure.keboola.com/_proxy/callback).
  • Click Save to finish.

Step 5: Deploy Your App in Keboola

Section titled “Step 5: Deploy Your App in Keboola”

Follow these steps to deploy your app in Keboola:

  1. In your app in Keboola, click the Deploy App tab.
  2. Select the Code or GitHub deployment type, and add the code for your application.
  3. Click the green Deploy App button to deploy the application.

Step 6: Test Your App

Section titled “Step 6: Test Your App”

Follow these steps to test your new app:

  1. Go to the app’s URL
  2. You should be redirected to the Okta consent screen
  3. Log in with your Okta account to verify your identity
  4. The app should display its content
Ask Kai

Ask anything about Keboola — I'll search the docs and cite the pages I use.