Knowledge Drop
Last tested: Jul 21, 2020
-
Once logged into Okta, navigate to ‘applications’ tab
-
Click ‘Add Application’ option
-
Click the ‘Create New App’
-
Ensure your new application has the ‘OpenID Connect’ option selected
-
Click ‘create’
-
Name your application, and enter your Looker URI with
/openidconnectadded to the end of it (as described in our OIDC docs). Make sure you are NOT using the admin version of the URL! -
Click ‘Save’
-
Ensure you are in the ‘General’ tab of the new application
-
Scroll down to the bottom of the ‘general’ page and get your Client ID (which maps to the ‘Identifier’ field in Looker’s Admin/OIDC page) and Client Secret (which maps to the ‘Secret’ field in Looker’s Admin/OIDC page)
-
Fill out all the necessary fields in the Looker UI as per our OIDC documentation. Take special note of which ‘scopes’ are required ("The OpenID Connect requires the
openidscope, but your OP will likely include other scopes, such asemail,profile, andgroups.) As shown in our docs, the information forAuthorization URL,Token URL, andUser Info URLwould follow the following format, though you’d replace the last path specified with the respective information name (/tokenfor token and/userinfofor user info):
https://${yourOktaDomain}/oauth2/v1/authorize
Plain Text
- Claim scopes as listed here: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
- Please test your OIDC settings!