SSO Okta App Integration

Last updated 2 years ago

Prerequisites

  • Users must have access to a Cloud Defense account.

Step 1: SignUp with OKTA account

Before creating an app in OKTA, first log in to Cloud Defense. In the Integrations tab, go to SSO, click OKTA, and copy the redirect URL.

Step 2: Create App Integration with OKTA Account

Go to the applications page in OKTA, and click on Create App Integration.

Select OpenID Connect as the sign-in method and Web Application as the application type.

In General Settings, enter the app name, select Client credentials and Authorization code (Client acting on behalf of a user) as the grant types, and paste the redirect URL copied from the Cloud Defense application into the redirect URLs field.

Select the Controlled access value from the dropdown.

Copy the client ID and client secret of the app.

Paste the client ID and secret into the OKTA section of our application's integration page.

Sign in with the email ID you registered with on OKTA.

TROUBLESHOOTING STEPS:

1- Unexpected error while authenticating with the identity provider, and the API returns 502 Bad Gateway.

JIRA LINK - https://clouddefense.atlassian.net/browse/CD-187

Fix- Check the client ID and client secret. If other IDPs are working, the problem is most likely the credentials. If no IDPs are working and all show the same issue, look at the ingress logs. https://stackoverflow.com/questions/42613491/azure-ad-webapp-behind-reverse-proxy-receives-502-bad-gateway

2- Invalid Username or Password

This error occurs when the first login flow in the identity provider settings is set to the Linking Broker Flow and a user tries to log in with a new identity provider while the email already exists under another identity provider. In this case the API below fails and the following event is received:

IDENTITY_PROVIDER_FIRST_LOGIN_ERROR https://staging.clouddefenseai.com/auth/realms/cdefense/login-actions/first-broker-login?client_id=cdconsole&tab_id=o

The first step in debugging this issue is to check the linking broker flow settings in the Authentication tab. Make sure that both Create User If Unique and Automatically Set Existing User are set to Alternative, and that they appear in the order given above.

3- Issues related to application redirecting to incorrect URLs

Make sure the correct frontend URL is added in the realm settings, as shown in screenshot 1. This is the frontend URL of our realm.

Also, in the Clients section, select cdconsole and make sure Root URL, Valid Redirect URIs and Base URL are set correctly, as shown in screenshot 2.

4- Sometimes on a fresh setup, Keycloak logs the following error:

ERROR: value too long for type character varying(255)

To fix this, change the type of the value column in the user_attribute table to text.
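The schema change for this fix, as an added example that is not part of the original page; it assumes the Keycloak database is PostgreSQL (which matches the wording of the error) with the default user_attribute table and value column:

```sql
-- Added example (not from the original page). Assumes PostgreSQL and the
-- default Keycloak schema names user_attribute / value.

-- 1. Confirm the column is still limited to 255 characters.
SELECT column_name, data_type, character_maximum_length
FROM information_schema.columns
WHERE table_name = 'user_attribute' AND column_name = 'value';

-- 2. Widen the column. Wrapped in a transaction so a failure leaves the
--    schema untouched.
BEGIN;
ALTER TABLE user_attribute ALTER COLUMN value TYPE text;
COMMIT;

-- 3. Re-run the check: data_type should now be 'text' and
--    character_maximum_length should be NULL.
SELECT column_name, data_type, character_maximum_length
FROM information_schema.columns
WHERE table_name = 'user_attribute' AND column_name = 'value';
```

Back up the Keycloak database before running the ALTER and apply it during a maintenance window, since the table lock blocks logins that write user attributes.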