OIDC: Okta Configuration

Create an Okta application

Create an Okta application

To create an Okta application for BloodHound, complete the following steps:

Create a new Okta application

Follow the Okta documentation to create a new application.

Set your application type to Native.

Configure the Okta application

When configuring the Okta application, use the following settings:

Field	Value
Login redirect	`https://{domainname}/api/v2/sso/{chosenProviderName}/callback` Example: `https://test.bloodhoundenterprise.io/api/v2/sso/bhestandard/callback`
Logout redirect	`https://{domainname}/` Example: `https://test.bloodhoundenterprise.io/`

Note the following values:

Client ID
Issuer URL

You’ll use the Client ID from the Okta Client Credentials and the Issuer URL from the Okta Authorization Server when you configure BloodHound.

Create custom claims

If you want to map additional user attributes (first name, last name, role) from Okta to BloodHound, you must create custom claims in Okta.Go to Security > API > Authorization Servers > Claims and create the following claims:

First name
Last name
Role

Field	Setting
Name	first_name
Include in token type	ID Token → Always
Value type	Expression
Value	`user.firstName`
Include in	Any scope (or Profile)

Field	Setting
Name	last_name
Include in token type	ID Token → Always
Value type	Expression
Value	`user.lastName`
Include in	Any scope (or Profile)

Field	Setting
Name	roles
Include in token type	ID Token → Always
Value type	Groups
Filter	Starts with —> `bh-`
Include in	Any scope (or Profile)

OIDC in BloodHound SAML in BloodHound

⌘I

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

OIDC: Okta Configuration

Create an Okta application

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

​Create an Okta application

Create an Okta application