Example: Setting up custom mapping for an Okta OIDC app
Last updated
Last updated
More information
Snyk privacy policy© 2024 Snyk Limited | All product and company names and logos are trademarks of their respective owners.
Follow these steps configure an integration for OIDC Okta.
In Okta, select Applications -> Applications -> Create App Integration then choose OICD OpenID Connect and Web Application.
In the next step add an App integration name for your OIDC application, check the Implicit Grant Type and add the Sign-in redirect URI relevant to your Snyk platform deployment. Remove the placeholder Sign-out redirect URI and choose your assignment access control before clicking Save.
On the application page that opens after saving, copy the details as per OIDC information to provide to Snyk following details and provide to your Snyk contact:
Client ID
If you are not using Implicit Grant type, the client secret
Also share with Snyk the Issuer URL/domain. This is typically the URL you find in your browser address bar without "-admin", for example, https://customer.example.okta.com. It can also be found under the Sign-On tab of your application by editing the OpenID Connect ID Token from Dynamic Issuer to Okta URL.
If you wish to set up custom mapping, move on to the next section of this guide.
Custom mapping for an OIDC application in Okta is easily managed through custom attributes on group level.
In Okta, select your newly created OIDC application user profile under Directory -> Profile editor.
Select +Add Attribute.
In the corresponding fields, add the following details for this Attribute and click Save: Data type: string array Display name: Snyk roles Variable name: roles Group Priority: Combine values across groups
On the main page of Okta select Directory -> Groups.
Select a Group, navigate to the Applications tab, click Assign application if not already assigned, and choose your Snyk OIDC app,. Then click on the pencil next to the displayed Snyk OIDC app.
In the Edit App Assignment dialog, add the Snyk org name + role associated with your Okta group (no spaces or capital letter(s)), following the syntax explained in custom mapping (or legacy custom mapping if using the legacy mapping option). Example, snyk:org:*:org_admin
.
Repeat the preceding steps for all your applicable Okta groups to assign the org name and role combination to each user within each configured group.