Skip to main content

Setting up Okta

Added in eventcatalog@2.43.0
i
This feature is available on the Enterprise plan.
info

This guide takes your through setting up a protected sign-in screen for your docs. Before going through this guide, make sure you've first gone through Enabling authentication.

To setup your EventCatalog site with visitor authentication using Okta, the process looks as follows:

  1. Create a new Okta OAuth app
  2. Configure the OAuth app in EventCatalog
  3. Test the authentication

Create a new Okta OAuth app

First, you will need to create a new Okta OAuth app in your Okta Admin Console.

  1. Log in to your Okta Admin Console
  2. Navigate to ApplicationsApplications
  3. Click Create App Integration
  4. Select OIDC - OpenID Connect as the sign-in method
  5. Select Web Application as the application type
  6. Click Next
  7. Fill in the application details:
    • App integration name: EventCatalog
    • Grant types: Check Authorization Code
    • Sign-in redirect URIs:
      • Production: {YOUR_EVENTCATALOG_SITE_URL}/api/auth/callback/okta
      • Local development: http://localhost:3000/api/auth/callback/okta
    • Sign-out redirect URIs:
      • Production: {YOUR_EVENTCATALOG_SITE_URL}
      • Local development: http://localhost:3000
  8. Under Assignments, choose who can access this application:
    • Allow everyone in your organization to access (recommended)
    • Or assign to specific groups
  9. Click Save
  10. Copy the Client ID and Client Secret from the app settings
  11. Note your Okta domain (e.g., https://your-domain.okta.com)

Configure the OAuth app in EventCatalog

Add your Okta Client ID, Client Secret, and Issuer to your .env file.

.env
AUTH_OKTA_CLIENT_ID={YOUR_OKTA_CLIENT_ID}
AUTH_OKTA_CLIENT_SECRET={YOUR_OKTA_CLIENT_SECRET}
AUTH_OKTA_ISSUER=https://{YOUR_OKTA_DOMAIN}

Your Okta issuer URL should be in the format: https://your-domain.okta.com (without /oauth2/default unless you're using a custom authorization server). In your eventcatalog.auth.js file, add the following:

eventcatalog.auth.js
module.exports = {
  providers: {
    okta: {
      clientId: process.env.AUTH_OKTA_CLIENT_ID,
      clientSecret: process.env.AUTH_OKTA_CLIENT_SECRET,
      issuer: process.env.AUTH_OKTA_ISSUER,
    },
  },
};

Test the authentication

Okta authentication

Restart your EventCatalog server and test the authentication.

npm run dev

All pages should now be protected and require an Okta account to access.

  1. Navigate to your EventCatalog site
  2. You should be redirected to the sign-in page
  3. Click Sign in with Okta
  4. You'll be redirected to your Okta login page
  5. Enter your Okta credentials
  6. After successful authentication, you'll be redirected back to EventCatalog

Found an issue?

Remember to setup the prerequisites for this guide:

If you still have problems, please let us know.