Configuring OIDC Single Sign-on

After the integration is successfully set up, any modification to the Okta application can cause the client secret to be regenerated, and Okta will then reject requests from MetaDefender Core because the client secret no longer matches. In this case, the customer should copy the new secret from Okta and update the Client secret field under Service Provider in MetaDefender Core with the new value.

Create Okta application

  1. Access https://www.okta.com/login/ and sign in.
  2. In the dashboard sidebar, click Applications to expand its sub-items, then select Applications.
  3. Click Create App Integration.
  4. For Sign-in method, select OIDC - OpenID Connect. For Application type, choose Web Application and click Next.
  5. Fill in App name, MDCore-OIDC for example, and click Next.

Create OIDC directory in MetaDefender Core

  1. Sign in to the MetaDefender Core management console.
  2. Under Dashboard, click User Management in the sidebar.
  3. Under User Management, select the Directories tab and click Add directory in the top right.
  4. On the Add Directory page, choose OIDC for Directory Type.
  5. Fill in the Name of the new directory, MDCore-OIDC for example.
  6. Under Service Provider, fill in the Host or IP where MetaDefender Core is hosted, https://localhost:8008 in this example.

Complete configuration in Okta

  1. Switch to the Applications screen on the Okta home page.
  2. Paste the Login URL from MetaDefender Core into Sign-in redirect URIs, grant everyone permission to access the application under Assignments, then click Save.
  3. In the General tab, copy the Client ID and Client Secret.

Complete configuration in MetaDefender Core

  1. Switch to the MetaDefender Core screen and, under Identity Provider, click Fetch URL.
  2. The OIDC link is built by appending /.well-known/openid-configuration to your Okta domain URL (refer to the Okta documentation). For example, dev-115662.okta.com/.well-known/openid-configuration.
  3. Paste the OIDC configuration link above into the box under Fetch URL and click OK so that MetaDefender Core can set Okta as its IdP.
  4. Under Service Provider, paste the Client ID and Client secret values that you copied from Okta into their respective fields.
  5. Under Service Provider, fill in User identified by, with ${given_name}_${family_name} for example.
  6. Select the appropriate role for the user under User Role.
  7. Click Add to complete the settings.
  8. On the User Management screen, toggle the new directory, MDCore-OIDC in this example. A dialog box is shown to confirm the action. Once Enable is clicked, all existing sessions expire immediately and Okta is used to authenticate users going forward.
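
The Python sketch below is an added example, not part of the MetaDefender Core or Okta documentation. It builds the discovery URL from the Okta domain as in step 2 and sanity-checks a fetched discovery document before the link is pasted under Fetch URL; the function names and the sample document are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(okta_domain: str) -> str:
    """Build the discovery URL from an Okta domain, refusing anything but https."""
    domain = okta_domain.strip().rstrip("/")
    if "://" not in domain:
        domain = "https://" + domain
    if urlsplit(domain).scheme != "https":
        raise ValueError("IdP domain must use https")
    return domain + WELL_KNOWN


def check_discovery(okta_domain: str, document: str) -> list:
    """Return a list of problems found in a fetched discovery document."""
    expected_issuer = discovery_url(okta_domain)[: -len(WELL_KNOWN)]
    meta = json.loads(document)
    problems = []
    # OIDC Discovery: the issuer must exactly match the URL prefix used for the fetch.
    if meta.get("issuer") != expected_issuer:
        problems.append(f"issuer mismatch: {meta.get('issuer')!r}")
    for key in REQUIRED:
        value = meta.get(key)
        if not value:
            problems.append(f"missing {key}")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https")
    # A Web Application integration signs in with the authorization code flow.
    if "code" not in meta.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    return problems


# Constructed sample document for the page's example domain (not real Okta output).
SAMPLE = json.dumps({
    "issuer": "https://dev-115662.okta.com",
    "authorization_endpoint": "https://dev-115662.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://dev-115662.okta.com/oauth2/v1/token",
    "jwks_uri": "https://dev-115662.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token"],
})

if __name__ == "__main__":
    print(discovery_url("dev-115662.okta.com"))
    print(check_discovery("dev-115662.okta.com", SAMPLE) or "discovery document looks consistent")
```

An empty result means the issuer and endpoints are consistent with the domain you intended to trust; any entry in the list is a reason to stop before enabling the directory.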

Test the integration

  1. Browse to MetaDefender Core and click Login; the user is redirected to Okta's sign-in page.
  2. Sign in with the account registered in Okta.
  3. If everything goes right, the MetaDefender Core dashboard is shown with the user identity displayed in the top right corner.
  4. For troubleshooting, browse to <mdcore-host>#/public/backuplogin.