Walkthrough — OKTA OpenID connection with Appian 23.1+
This article is a step-by-step guide to creating an OpenID Connect connection between Appian 23.1 and Okta.
The steps are as follows:
1. Log into the Okta developer dashboard, go to Applications / Applications and click “Create App Integration”.
2. Select the Sign-in method “OIDC — OpenID Connect” and Application type “Web Application”.
3. Provide a name for the application and select the grant types “Authorization Code” and “Refresh Token”.
The sign-in redirect URI is the Appian 23.1 instance URL with the endpoint /suite/oidc/callback (for example https://<your-appian-host>/suite/oidc/callback).
4. Click “Save”.
As shown below, the client authentication method selected is “Client Secret”, which generates both the client ID and the client secret.
NB: Make a note of the client secret, as it is required when configuring OpenID Connect in Appian.
5. To support group claims, click the “Sign On” tab, scroll down to “OpenID Connect ID Token” and click “Edit”.
6. In the Groups claim filter section, select “Groups”, choose “Matches regex” from the drop-down, enter the expression .* and save.
Then assign the application to a user: open the Assignments tab and click “Assign”, then “Assign to People”.
7. Select a user and click “Assign”, then “Done”, then “Save and back”.
8. Next, log into Appian with a native system administrator account and create a group to be used as the Authentication Group; in this case it is called ‘oidc’.
Set the Membership Rule to add ‘all users’ and click “CREATE”.
9. Then go to the Appian Admin Console and set the following configuration:
To ensure user mapping allows SAML users to be created in Appian and assigned to the security group, add the attribute mappings shown above.
10. Scroll down and test the connection by clicking “Verify My Access”.
11. Click “Verification Completed”, then “Save Changes”.
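The end-to-end result of steps 5 to 11, as an added Python example that is not part of the original article and is not Okta's or Appian's code: it emulates the groups-claim regex filter from step 6, mints an ID token the way the provider would, and performs the relying-party checks (signature, issuer, audience, expiry, nonce) that must pass before the groups claim is trusted. The issuer URL, client ID, secret and group names are constructed placeholders; the token is HS256-signed with a shared demo secret so the example runs offline (Okta issues RS256 tokens that are verified against its published JWKS); and the filter is assumed to behave as a regex search over each group name.

```python
# Added example (not Okta's or Appian's code): emulates the "Matches regex" groups-claim
# filter from step 6 and the checks the relying party must make on the returned ID token.
# HS256 with a constructed secret is used so this runs offline; real Okta ID tokens are
# RS256-signed and verified against the issuer's JWKS.
import base64
import hashlib
import hmac
import json
import re

ISSUER = "https://dev-000000.okta.com"      # constructed placeholder issuer URL
CLIENT_ID = "0oa-constructed-client-id"     # constructed placeholder client ID
DEMO_SECRET = b"constructed-demo-secret"    # constructed; never embed a real client secret

# Constructed directory data: one user's complete Okta group membership.
USER_GROUPS = ["Everyone", "appian-oidc", "Finance-Payroll", "VPN-Users"]


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def filter_groups(groups, pattern):
    """Okta-style regex groups filter (assumed to be a regex search per group name).
    The pattern '.*' from step 6 passes every group the user belongs to."""
    regex = re.compile(pattern)
    return [g for g in groups if regex.search(g)]


def mint_id_token(sub, groups, now, nonce):
    """Build a minimal ID token as the provider would (HS256 here for demonstration)."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": sub, "iat": now,
              "exp": now + 3600, "nonce": nonce, "groups": groups}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(DEMO_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def validate_id_token(token, expected_nonce, now):
    """Relying-party checks: signature, alg, issuer, audience, expiry, nonce.
    Returns the verified claims or raises ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":            # pin the algorithm; never trust the header blindly
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(DEMO_SECRET, f"{header_b64}.{claims_b64}".encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


def groups_seen_by_appian(pattern, now=1_700_000_000, nonce="nonce-1"):
    """End to end: apply the groups filter, mint the token, validate it, return the groups claim."""
    token = mint_id_token("alice@example.com", filter_groups(USER_GROUPS, pattern), now, nonce)
    return validate_id_token(token, nonce, now)["groups"]


def tampered_token_rejected(now=1_700_000_000, nonce="nonce-1"):
    """Change the groups claim after signing; validation must fail on the signature check."""
    token = mint_id_token("alice@example.com", ["appian-oidc"], now, nonce)
    header_b64, claims_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(claims_b64))
    claims["groups"] = ["constructed-admin-group"]
    forged = (header_b64 + "." + b64url(json.dumps(claims, separators=(",", ":")).encode())
              + "." + sig_b64)
    try:
        validate_id_token(forged, nonce, now)
    except ValueError as err:
        return str(err)
    return None


if __name__ == "__main__":
    print("filter .*       ->", groups_seen_by_appian(".*"))
    print("filter ^appian- ->", groups_seen_by_appian("^appian-"))
    print("tampered token  ->", tampered_token_rejected())
```

The `.*` filter from step 6 places every group the user belongs to into the ID token, including groups unrelated to Appian; a narrower pattern such as `^appian-` keeps the claim to the groups Appian actually uses for its authentication group mapping, which is the least-privilege choice once the connection is verified.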
Additional Information
NB: All articles written by me are not endorsed by Appian.