
How to: Configure an environment for Okta

Mike Dial edited this page May 13, 2021 · 7 revisions

The quickstart allows Okta to optionally be used as a means of authentication. This How To guide walks through the steps needed to configure a branch/environment to be connected to Okta. The 'mybranch' branch/environment will be used as an example. Please substitute your branch name for 'mybranch' where appropriate.

Prerequisites

  • AWS access (CLI or Console) to the account into which you deploy.
  • An Okta SAML Application.
  • The Okta SAML Metadata URL for the Application.
  • Admin permissions for the Okta Application.

Steps

  • Create an SSM Parameter of type SecureString at path /configuration/mybranch/okta_metadata_url. The parameter's value should be the requisite Okta SAML Metadata URL. The existence of this SSM parameter is what tells the deployment to connect with Okta.
  • Deploy the 'mybranch' environment in the usual way. If 'mybranch' was previously deployed, you may rerun the deployment. If 'mybranch' has yet to be deployed, you may push the new branch and it will deploy.
  • Find and copy/note the user pool id built for the environment. This can be found by looking at CloudFormation stack outputs for the ui-auth-mybranch stack, and finding the UserPoolId output value.
  • Find and copy/note the Cognito user pool domain name. This can be found by looking at CloudFormation stack outputs for the ui-auth-mybranch stack, and finding the UserPoolClientDomain output value.
  • Configure the Okta application with the user pool id and user pool client domain name. Note: The 'mybranch' environment's Okta login capability will not function correctly until this step is completed.
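
The steps above as AWS CLI helper functions (an added example, not part of the quickstart repository). The function names are hypothetical, and the last function assumes the Okta application takes the standard Cognito SAML service-provider values and that UserPoolClientDomain is either a full hostname or a bare Cognito domain prefix.

```bash
#!/usr/bin/env bash
# Added example: helper functions for the steps above (names are hypothetical).
BRANCH="${BRANCH:-mybranch}"   # substitute your branch name

# Step 1: store the Okta SAML metadata URL as a SecureString parameter.
# Note: AWS CLI v1 fetches values that start with https:// unless
# cli_follow_urlparam is set to false; AWS CLI v2 stores them verbatim.
put_okta_metadata_url() {
  local url="$1"
  case "$url" in
    https://*) ;;   # metadata carries the IdP signing cert, so require TLS
    *) echo "metadata URL must use https://" >&2; return 1 ;;
  esac
  aws ssm put-parameter \
    --name "/configuration/${BRANCH}/okta_metadata_url" \
    --type SecureString --value "$url" --overwrite
}

# Steps 3 and 4: read one output value from the ui-auth-<branch> stack.
stack_output() {
  aws cloudformation describe-stacks \
    --stack-name "ui-auth-${BRANCH}" \
    --query "Stacks[0].Outputs[?OutputKey=='$1'].OutputValue" \
    --output text
}

# Step 5: derive the values to enter in the Okta SAML settings.
# Assumption: a domain without a dot is a Cognito domain prefix, and the
# region is the part of the user pool id before the underscore.
okta_saml_settings() {
  local pool_id="$1" domain="${2#https://}"
  case "$domain" in
    *.*) ;;
    *) domain="${domain}.auth.${pool_id%%_*}.amazoncognito.com" ;;
  esac
  echo "Audience URI (SP Entity ID): urn:amazon:cognito:sp:${pool_id}"
  echo "Single sign-on URL: https://${domain}/saml2/idpresponse"
}

# Usage (the metadata URL shown is a constructed placeholder):
#   put_okta_metadata_url "https://example.okta.com/app/EXAMPLE/sso/saml/metadata"
#   ...deploy the branch, then:
#   okta_saml_settings "$(stack_output UserPoolId)" \
#                      "$(stack_output UserPoolClientDomain)"
```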

Notes
