...
Obviously your Opmantek server will need internet access to be able to talk to OKTA.
In the authentication → auth_method_1 entry, you should use openid_connect.
Open-AudIT specifics
For Open-AudIT, the username within Open-AudIT must match the username used to sign in to OKTA. No password should be set for the user inside Open-AudIT; this will prevent logon if OKTA is not available. If it is desirable to allow logon when OKTA is not available, set the password inside Open-AudIT.
Configuration Example
"auth_openid_connect": [{
    "type": "okta",
    "url": "https://YOUR_SUBDOMAIN.okta.com/oauth2/default/v1/token",
    "password": "password",
    "test_error": "error_description",
    "test_success": "access_token",
    "username": "username",
    "post": {
        "client_id": "YOUR_CLIENT_ID",
        "client_secret": "YOUR_CLIENT_SECRET",
        "grant_type": "password",
        "scope": "openid",
        "password": "",
        "username": ""
    },
    "headers": {
        "accept": "application/json",
        "content-type": "application/x-www-form-urlencoded"
    }
}]
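
The request this entry describes, as an added example that is not Opmantek's own code: it checks the entry, form-encodes the POST body and classifies the reply from the token endpoint. It assumes the top-level username and password values name the post fields that receive the user's credentials at logon, and that test_success and test_error are keys looked for in the JSON reply; the function names are hypothetical.

```python
import json
from urllib.parse import urlencode, urlsplit

# Constructed sample entry mirroring the configuration example; all values are placeholders.
ENTRY = {
    "type": "okta",
    "url": "https://YOUR_SUBDOMAIN.okta.com/oauth2/default/v1/token",
    "password": "password",
    "test_error": "error_description",
    "test_success": "access_token",
    "username": "username",
    "post": {"client_id": "YOUR_CLIENT_ID", "client_secret": "YOUR_CLIENT_SECRET",
             "grant_type": "password", "scope": "openid", "password": "", "username": ""},
    "headers": {"accept": "application/json",
                "content-type": "application/x-www-form-urlencoded"},
}

def lint_entry(entry):
    """Return a list of problems that would stop the token request working safely."""
    problems = []
    if urlsplit(entry["url"]).scheme != "https":
        problems.append("url must be https: it carries the client secret and user password")
    for key in ("username", "password"):
        if entry[key] not in entry["post"]:
            problems.append(f"post has no '{entry[key]}' field for the {key}")
        elif entry["post"][entry[key]]:
            problems.append(f"post.{entry[key]} should be empty; it is filled per logon")
    if entry["headers"].get("content-type") != "application/x-www-form-urlencoded":
        problems.append("content-type must be application/x-www-form-urlencoded")
    return problems

def build_body(entry, user, secret):
    """Form-encode the POST fields with the user's credentials filled in (assumed behaviour)."""
    fields = dict(entry["post"])          # copy, so the stored entry stays credential-free
    fields[entry["username"]] = user
    fields[entry["password"]] = secret
    return urlencode(fields)

def logon_result(entry, response_text):
    """Classify a token-endpoint reply using the test_success / test_error keys."""
    reply = json.loads(response_text)
    if entry["test_success"] in reply:
        return True, None
    return False, reply.get(entry["test_error"], "unrecognised response")
```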