Setup auth provider
It is important to follow all the steps in this guide to ensure a successful configuration of Okta authentication.
If you encounter any issues, please contact support.
Portal includes a built-in Okta authentication provider that uses OAuth for user authentication. To enable Okta authentication for your Portal instance, follow these steps.
Create App Integration in Okta
Within your Okta dashboard, create a new app integration where the sign-in method is OIDC - OpenID Connect.
In addition, your application type should be set to Web Application.
Once created, you can fill out the new web app integration form:
- App integration name: "Spotify Portal" (or your own custom app name)
- Grant type: Authorization Code & Refresh Token
- Sign-in redirect URIs: https://<your-organization>.spotifyportal.com/api/auth/okta/handler/frame
- Sign-out redirect URIs: https://<your-organization>.spotifyportal.com
- Store your Client ID and generate and store your Client Secret
- Click Save
For more information on how to Create an OIDC App Integration in Okta, refer to the Okta documentation.
Configure the Authentication Provider in Portal
Now navigate to the config-manager and click on the Auth plugin.
We will now set up the authentication:
- Open Config Manager in Portal and navigate to the Auth plugin.
- Scroll to auth.providers.okta
- Add a new configuration entry with "Key name" of production
- Enter the following details from your Okta Web App Integration:
  - clientId
  - clientSecret
  - audience (URL of your Okta instance)
- Set emailMatchingUserEntityProfileEmail as the sign-in resolver.
- Click Save changes.
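A pre-flight check for the values entered in the steps above, given as an added example and not part of Portal or Okta tooling. The function name, the dictionary layout (including the "resolver" key) and the sample values are hypothetical, and the rule that the audience carries no path is an assumption drawn from "URL of your Okta instance".

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/api/auth/okta/handler/frame"  # sign-in redirect path from this guide
RESOLVER = "emailMatchingUserEntityProfileEmail"


def check_okta_settings(portal_base_url, sign_in_redirect, sign_out_redirect, provider):
    """Return a list of problems; an empty list means the values agree with the guide."""
    problems = []
    base = urlsplit(portal_base_url)
    if base.scheme != "https" or not base.hostname:
        problems.append("Portal base URL must be an https URL")

    # Redirect URIs are matched as exact strings, so compare them verbatim
    # (a trailing slash or an http scheme counts as a different URI).
    origin = f"https://{base.netloc}"
    if sign_in_redirect != origin + CALLBACK_PATH:
        problems.append(f"sign-in redirect URI should be {origin + CALLBACK_PATH}")
    if sign_out_redirect != origin:
        problems.append(f"sign-out redirect URI should be {origin}")

    for key in ("clientId", "clientSecret", "audience"):
        if not str(provider.get(key, "")).strip():
            problems.append(f"{key} is missing")

    audience = str(provider.get("audience", "")).strip()
    if audience:
        aud = urlsplit(audience)
        # Assumption: the audience is the bare https origin of the Okta instance.
        if aud.scheme != "https" or not aud.hostname or aud.path not in ("", "/"):
            problems.append("audience should be the https URL of your Okta instance")
    if provider.get("resolver") != RESOLVER:
        problems.append(f"sign-in resolver should be {RESOLVER}")
    return problems


# Constructed sample values; replace them with your own before running.
SAMPLE_BASE = "https://example-org.spotifyportal.com"
SAMPLE_PROVIDER = {
    "clientId": "<client-id-placeholder>",
    "clientSecret": "<client-secret-placeholder>",
    "audience": "https://example-org.okta.com",
    "resolver": RESOLVER,
}

if __name__ == "__main__":
    issues = check_okta_settings(SAMPLE_BASE, SAMPLE_BASE + CALLBACK_PATH,
                                 SAMPLE_BASE, SAMPLE_PROVIDER)
    print("\n".join(issues) or "settings are consistent with the guide")
```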
Next Steps
Your Portal instance is now set up to authenticate users via Okta. The next step is to populate your Catalog with your organization's user and team data from Okta so that users can gain access within Portal.
Continue to the next section to learn how to configure Okta and complete this integration.