Guides
SupportStatus
Start typing to search…

Okta IdP Configuration

✔️ Configuring Okta for your wallet and approver application!

This is a prerequisite configuration before you deploy your online wallet. In this guide, we will walk you through the steps to configure Okta for your wallet and approver application. Okta provides a comprehensive identity platform that will enable secure authentication and authorization for your applications.

Prerequisites

Before you begin, make sure you have the following prerequisites in place:

  • Access to an Okta organization with administrator permissions. This can be a free Okta Developer Account or your company's existing Okta enterprise environment.
  • The API Access Management feature must be enabled in your Okta organization to create a custom API resource (Authorization Server). This is included in Developer Accounts by default.
  • Users and/or Groups created in your Okta organization that you can assign to the applications for testing. You can create users under Directory > People.

Step 1: Create Required Resources

To configure Okta for your wallet and approver application, you need to create the following three resources in Okta:

  1. Single Page Application (SPA) Resource This resource will represent your wallet application, which typically runs in a web browser.

    1. Log in to the Okta Admin Console.
    2. Go to the Applications > Applications section.
    3. Click on the Create App Integration button.
    4. Select OIDC - OpenID Connect as the Sign-in method.
    5. Choose the Single-Page Application option for the Application type.
    6. Provide a name for your application (e.g., "Wallet App").
    7. Click Save. You will be taken directly to the application's settings page, where you can proceed with the configuration in Step 2.

  2. Native Application Resource This resource will represent your approver application, which runs natively on a device (e.g., mobile or desktop).

    1. In the Okta Admin Console, go to Applications > Applications.
    2. Click on the Create App Integration button.
    3. Select OIDC - OpenID Connect as the Sign-in method.
    4. Choose the Native Application option for the Application type.
    5. Provide a name for your application (e.g., "Approver App").
    6. Click Save to proceed to the application's settings page.

  3. API Resource (Authorization Server) This resource will represent the API that your applications will communicate with. In Okta, this is handled by a Custom Authorization Server.

    1. In the Okta Admin Console, go to Security > API.
    2. Click on the Add Authorization Server button.
    3. Provide a Name for your API (e.g., "Wallet API").
    4. Set the Audience to a unique URI for your API (e.g., api://wallet-api). This will be your API's unique identifier.
    5. Provide a Description (optional) and click Save.

Step 2: Configure Application Settings

Once you have created the required resources, you need to configure the settings for each application.

Configuring Wallet Application (SPA)

  1. Navigate to the Applications > Applications section in the Okta Admin Console.
  2. Select your wallet application (e.g., "Wallet App").
  3. In the General tab, click Edit.
  4. Configure the following settings:
    • Grant type: Ensure only the following is checked:
      • Authorization Code (Note: Okta automatically applies the recommended Proof Key for Code Exchange (PKCE) security feature to all Single-Page Applications.)
    • Sign-in redirect URIs: Add the full URL of your wallet front-end, ensuring it ends with /login/callback (e.g., https://wallet.yourcompany.com/login/callback).
    • Sign-out redirect URIs: Add the full URL of your wallet front-end (e.g., https://wallet.yourcompany.com).
    • User consent: Set to "Require consent" (this ensures users explicitly authorize the application).
  5. Scroll down to the Client Credentials section:
    • Ensure Client authentication is set to None (public client).
  6. Under Login, verify:
    • Issuer is set to Dynamic (allows the app to work with the appropriate authorization server).
  7. Assignments: Assign the application to the appropriate users or groups under the Assignments tab.
  8. Save your changes.

Configuring Approver Application (Native)

  1. Navigate to the Applications > Applications section in the Okta Admin Console.
  2. Select your approver application (e.g., "Approver App").
  3. In the General tab, click Edit.
  4. Configure the following settings:
    • Grant type: Ensure the following are checked:
      • Authorization Code
      • Refresh Token
    • Sign-in redirect URIs: com.blockdaemon.reactnativeapproverapp://callback
    • Sign-out redirect URIs: com.blockdaemon.reactnativeapproverapp://callback
  5. Scroll down to the Client Credentials section:
    • Ensure Client authentication is set to None (public client).
    • Check the box for Require PKCE as additional verification.
  6. Assignments: Assign the application to the appropriate users or groups under the Assignments tab.
  7. Save your changes.

Step 3: Create an Access Policy (Link API to Apps)

You must create an Access Policy to grant your Wallet and Approver applications permission to use your API.

  1. In the Okta Admin Console, navigate to Security > API.
  2. Select your API resource (e.g., "Wallet API").
  3. Go to the Access Policies tab and click Add Policy.
  4. Give the policy a Name (e.g., "Wallet and Approver Access Policy") and a Description.
  5. In the Assign to section, select The following clients.
  6. Begin typing the names of your applications (e.g., "Wallet App" and "Approver App") and select them from the list.
  7. Click Create Policy.
  8. Now, within the policy you just created, click Add Rule.
  9. Give the rule a Name (e.g., "Default Access Rule"), and configure:
    • Grant types allowed: Authorization Code
    • Scopes allowed: openid, email, profile
    • Access token lifetime: 60 minutes
    • Refresh token lifetime: Unlimited (rotation enabled)
    • Refresh token window: 90 days
    • People: include Everyone (or your target groups/users)
  10. Click Create Rule.

Your applications are now authorized to request tokens from your API.

Step 4: Finding Values for Your Apps

You will need the following values from your Okta configuration to set up your Wallet and Approver applications.

Summary of Configuration Values Use the list below to keep track of the critical values for your application configuration.

  • Okta Domain: [Enter your Okta domain URL here]
    • Location: Your Okta organization URL (e.g., https://dev-12345.okta.com).
  • Wallet App Client ID: [Enter your Wallet App Client ID here]
    • Location: Navigate to Applications > Applications, select your Wallet App, and find the ID on the General tab.
  • Approver App Client ID: [Enter your Approver App Client ID here]
    • Location: Navigate to Applications > Applications, select your Approver App, and find the ID on the General tab.
  • API Audience: [Enter your API Audience URI here] (default: api://wallet-api)
    • Location: Navigate to Security > API, select your API, and find the Audience value on the Settings tab.
  • API Issuer URI: [Enter your API Issuer URI here]
    • Location: Navigate to Security > API, select your API, and find the Issuer URI on the Settings tab.

🗣️ We Are Here to Help!

Please contact us via email or support chat if you encounter an issue, bug, or need assistance. Don't forget to include any relevant details about the problem. To request a wallet form and Institutional Vault Approver form, please click here or contact our sales team.

Updated about 19 hours ago