Skip to content
2023 API Summit Hackathon: Experiment with AI for APIs (August 28 - September 27) Learn More →
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
      Lightweight, fast, and flexible cloud-native API gateway
      Kong Konnect
      Single platform for SaaS end-to-end connectivity
      Kong Mesh
      Enterprise service mesh based on Kuma and Envoy
      decK
      Helps manage Kong’s configuration in a declarative fashion
      Kong Ingress Controller
      Works inside a Kubernetes cluster and configures Kong to proxy traffic
      Insomnia
      Collaborative API development platform
      Kuma
      Open-source distributed control plane with a bundled Envoy Proxy integration
      Docs Contribution Guidelines
      Want to help out, or found an issue in the docs and want to let us know?
  • API Specs
  • Plugin Hub
    • Explore the Plugin Hub
      View all plugins View all plugins View all plugins arrow image
    • Functionality View all View all arrow image
      View all plugins
      Authentication's icon
      Authentication
      Protect your services with an authentication layer
      Security's icon
      Security
      Protect your services with additional security layer
      Traffic Control's icon
      Traffic Control
      Manage, throttle and restrict inbound and outbound API traffic
      Serverless's icon
      Serverless
      Invoke serverless functions in combination with other plugins
      Analytics & Monitoring's icon
      Analytics & Monitoring
      Visualize, inspect and monitor APIs and microservices traffic
      Transformations's icon
      Transformations
      Transform request and responses on the fly on Kong
      Logging's icon
      Logging
      Log request and response data using the best transport for your infrastructure
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
Kong Konnect
  • Home icon
  • Kong Konnect
  • Dev Portal
  • Applications
  • Dynamic Client Registration
  • Okta
github-edit-pageEdit this page
report-issueReport an issue
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kong Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
enterprise-switcher-icon Switch to OSS
On this pageOn this page
  • Prerequisites
    • Issuer URL
    • Create a token
    • Add scopes
    • Add claim
  • Configure the Dev Portal
  • Create an application with DCR
  • Make a successful request

Configuring Okta for Dynamic Client Registration

Prerequisites

  • Enterprise Konnect account.
  • An Okta account.

Issuer URL

Using your Okta credentials, log in to the Okta portal and follow these steps:

  1. Select Security from the menu.

  2. Select Security > API. The default Issuer URL should be displayed in the Authorization Servers tab. If you are using an authorization server that you configured, copy the issuer URL for that authorization server.

Create a token

  1. Select Security from the menu.

  2. Select Security > API.

  3. From the Tokens tab, click the Create token button.

  4. Enter a name for your token, and then copy the token value.

    Important: Store the token in a place you can reference, because it will only be visible as a hash afterwards.

Add scopes

  1. Select Security from the menu.

  2. Select Security > API.

  3. Select the authorization server that you want to configure.

  4. Select the Scopes tab, and click the Add Scope button.

Add claim

In order to map an application from the Dev Portal to Okta, you have to create a claim.

  1. Select Security from the menu.

  2. Select Security > API.

  3. Select the authorization server that you want to configure.

  4. Select the Claims tab. and then click the Add Claim button.

  5. Enter a name for this claim, and enter app.clientId for value. We can leave the value type as expression, and include it in any scope.

Configure the Dev Portal

Once you have Okta configured, you can set up the Dev Portal to use Okta for dynamic client registration (DCR).

  1. Sign in to Konnect, then select dev-portal icon Dev Portal from the menu.

  2. Click Settings to open the Dev Portal settings.

  3. Click the Application Setup tab to open the DCR settings for your Dev Portal.

  4. Enter the Issuer URL for your authorization server, and the Token that were created in Okta.

  5. Enter the names of the Scopes and Claims as comma-separated values in their corresponding fields. The values should match the scopes or claims that were created in Okta.

    Note: You can use any of the existing scopes besides openid, as using the openid scope prevents you from using client credentials. If the Scopes field is empty, openid will be used.

  6. Click Save.

    If you previously configured any DCR settings, this will overwrite them.

Create an application with DCR

From the My Apps page in the Dev Portal, follow these instructions:

  1. Click the New App button.

  2. Fill out the Create New Application form with your application name, redirect URI, and a description.

  3. Click Create to save your application.

  4. After your application has been created, you will see the Client ID and Client Secret. Please store these values, they will only be shown once.

    Click Proceed to continue to the application’s details page.

  5. Once your application is created, you will see it in Okta. From your Okta organization select Applications from the menu. You will see your application that was created in the Dev Portal, and its corresponding Client ID.

Make a successful request

In the previous steps, you obtained the Client ID and Client Secret. To authorize the request, you must attach this client secret pair in the header. You can do this by using any API product, such as Insomnia, or directly using the command line:

curl example.com/REGISTERED_ROUTE -H "Authorization: Basic CLIENT_ID:CLIENT_SECRET"

Where example.com is the address of the data plane.

Thank you for your feedback.
Was this page useful?
Too much on your plate? close cta icon
More features, less infrastructure with Kong Konnect. 1M requests per month for free.
Try it for Free
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023