Create Web Application Integration in Okta
Because the sign-in redirect URI for an Okta web app integration is region-specific, contact Lookout Customer Support to find out the correct URI to enter. Enter that URI as instructed in these steps.
- Sign into the Okta application.
- Click the icon at the upper left to display the Okta navigation menu on the left side of the screen.
- From the navigation menu, select Applications > Applications.
- Click Create App Integration.
- From the Create a new app integration page, select:
- OIDC - OpenID Connect as the sign-in method
-
Web Application as the Application type.
- Click Next.
- From the New Web App Integration page, enter or select the following information.
- App integration name - Enter a name for the integration.
- Logo (optional) - Upload your company logo.
- Grant type -
- Leave the Client acting on behalf of itself box unchecked.
- Under Client acting on behalf of a server, check Refresh Token.
- Sign-in redirect URIs - Enter the URI provided by Lookout Customer Support. (The URI shown is an example.)
- Sign-out redirect URIs - Leave this field empty.
- Controlled access - Select Allow everyone in your organization to access.
- Enable immediate access - Check Enable immediate access with Federation Broker Mode.
- Click Save.
Okta displays the Client Credentials for the app integration you are creating and generates a Client ID, which is a public identifier for the client. This identifier is required for all Oauth flows.
You will need the client ID when you add the Okta instance in the Lookout Management Console. To copy the client ID to your clipboard, click the Clipboard icon to the right.
The Client Secret option is selected by default. The Client Secrets section shows the last client secret that Okta generated and the date it was created. For new app integrations, the date will be the date on which you created the integration. The characters in the secret are masked by dots. To view the secret, click the eye icon to the right.
You will need the client secret when you add the Okta instance in the Lookout Management Console. To copy the client secret to your clipboard, click the Clipboard icon to the right.
- Select the API Scopes tab.
- Grant access to the following four scopes:
- okta.users.read
- okta.domains.read
- okta.groups.read
- okta.roles.read