Configuring Okta for Verax

Follow these steps to configure Okta for Verax:

1. Register the application

   1. In the Okta Admin Console, go to Applications > Applications > Create App Integrations

      1. Choose OIDC — Open ID Connect

      2. Select Web Application

      3. Click Next

   2. Enter:

      1. Application name: Verax

      2. Sign-in redirect URI:
         https://internal.verax.ai/oidc/callback

      3. Under Assignments / Controlled access:

         1. Select Allow everyone in your organization

         2. Enable Immediate access

   3. Click Save

   4. After the app is created, copy the Client ID and Client Secret

2. Add API permissions

   1. In the Okta Admin Console, go to Applications > Verax > Okta API Scopes

   2. Add the following scopes:

      1. okta.users.read

      2. okta.groups.read

   3. Click Save

3. Get the Issuer URL

   1. In the Admin Console, go to Security > API > Authorization Servers

   2. Choose the authorization server you’ll use (usually default) and copy the Issuer URI, for example: https://{yourOktaDomain}/oauth2/default

4. Configure an access policy for the app

   1. In the Admin Console, go to Security > API > Authorization Servers

   2. Select the authorization server you’re using and create a policy.

      1. Click Add Policy

      2. Name: Allow OIDC for Verax

      3. Assign to the Verax application

   3. Create rule under the policy:

      1. Click Add Rule

      2. Name: Allow Authorization Code

      3. Grant types:

         1. Authorization Code

         2. Client Credentials

      4. Apply to: Any user

      5. Access: Allow

   4. Save the rule and policy.

5. Complete the connection in Verax

   1. From Okta, copy:

      1. Issuer URL

      2. Client ID

      3. Client Secret

   2. Paste these values into Verax to complete the Okta connection.