👨‍💻 API Reference 📣 Release Notes 📺 Request a Demo

Okta OIDC SSO Integration

PreviousEmail Authentication NextAzure AD OIDC SSO Integration

Last updated 9 days ago

Was this helpful?

Okta OIDC SSO Integration

These instructions will help administrators configure Fiddler for use with an existing Okta single sign-on application.

Okta Setup:

Set up an in Okta:

Select "Web Application" as the application type.
Configure the following URLs (replace {base_url} with your Fiddler deployment URL):
- Sign-in redirect URI - {base_url}/api/sso/okta/callback
- Sign-out redirect URI - {base_url}
- Base URI - {base_url}
Enable "Authorization Code" grant for user authorization.

Copy the client credentials from the "General" section:

Share the following details with the Fiddler services team:

Okta domain
Client ID
Client Secret
Okta Account Type (default or custom)

Deployment instructions

Create a <secret-filename>.yaml file using this template:

apiVersion: v1
kind: Secret
metadata:
  name: fiddler-sso-okta-credentials
  namespace: <NAMESPACE_NAME>
data:
  sso-okta-issuer: <OKTA_ISSUER> # https://<okta_domain>
  sso-okta-authorize-url: <AUTHORIZE_URL> # https://<okta_domain>/oauth2/v1/authorize
  sso-okta-token-url: <TOKEN_URL> # https://<okta_domain>/oauth2/v1/token
  sso-okta-user-info-url: <USER_INFO_URL> # https://<okta_domain>/oauth2/v1/userinfo
  sso-okta-client-id: <CLIENT_ID>
  sso-okta-client-secret: <CLIENT_SECRET>
  sso-okta-domain: <DOMAIN> # <okta_domain>
  authorization-type: <AUTHORIZATION_TYPE> # default
type: Opaque

Important:
Base64 encode all values (On macOS, use echo -n "string to encode" | base64).
Do not use double quotes in any values.
You can retrieve Okta URLs from https://<okta_domain>/.well-known/openid-configuration.

Apply the Kubernetes secret to your cluster:

kubectl apply -f <secret-filename>.yaml -n fiddler

Update your Helm values file with these settings:

fiddler:
  auth:
    sso:
      provider: okta
      okta:
        secretName: fiddler-sso-okta-credentials

Note: The new SSO settings apply once deployments are updated.

Logging into Fiddler:

After setup is complete:

Go to the Fiddler login page.
Click "Sign in with SSO".
Complete authentication on the Okta login screen.
If authentication succeeds, you'll be redirected to the Fiddler homepage.

Important Notes

Users must register with Fiddler using an invitation link from their Fiddler Org Admin before using SSO (unless auto-provisioning is configured).
Fiddler stores only the user's first name, last name, email address, and OIDC token.

PreviousEmail Authentication NextAzure AD OIDC SSO Integration

Last updated 9 days ago

Was this helpful?

These instructions will help administrators configure Fiddler for use with an existing Okta single sign-on application.

Okta Setup:

Set up an in Okta:

Select "Web Application" as the application type.
Configure the following URLs (replace {base_url} with your Fiddler deployment URL):
- Sign-in redirect URI - {base_url}/api/sso/okta/callback
- Sign-out redirect URI - {base_url}
- Base URI - {base_url}
Enable "Authorization Code" grant for user authorization.

Copy the client credentials from the "General" section:

Note your Okta domain and set up the in the "Sign On" section:

Share the following details with the Fiddler services team:

Okta domain
Client ID
Client Secret
Okta Account Type (default or custom)

Deployment instructions

Create a <secret-filename>.yaml file using this template:

apiVersion: v1
kind: Secret
metadata:
  name: fiddler-sso-okta-credentials
  namespace: <NAMESPACE_NAME>
data:
  sso-okta-issuer: <OKTA_ISSUER> # https://<okta_domain>
  sso-okta-authorize-url: <AUTHORIZE_URL> # https://<okta_domain>/oauth2/v1/authorize
  sso-okta-token-url: <TOKEN_URL> # https://<okta_domain>/oauth2/v1/token
  sso-okta-user-info-url: <USER_INFO_URL> # https://<okta_domain>/oauth2/v1/userinfo
  sso-okta-client-id: <CLIENT_ID>
  sso-okta-client-secret: <CLIENT_SECRET>
  sso-okta-domain: <DOMAIN> # <okta_domain>
  authorization-type: <AUTHORIZATION_TYPE> # default
type: Opaque

Important:
Base64 encode all values (On macOS, use echo -n "string to encode" | base64).
Do not use double quotes in any values.
You can retrieve Okta URLs from https://<okta_domain>/.well-known/openid-configuration.

Apply the Kubernetes secret to your cluster:

kubectl apply -f <secret-filename>.yaml -n fiddler

Update your Helm values file with these settings:

fiddler:
  auth:
    sso:
      provider: okta
      okta:
        secretName: fiddler-sso-okta-credentials

Note: The new SSO settings apply once deployments are updated.

Logging into Fiddler:

After setup is complete:

Go to the Fiddler login page.
Click "Sign in with SSO".
Complete authentication on the Okta login screen.
If authentication succeeds, you'll be redirected to the Fiddler homepage.

Important Notes

Users must register with Fiddler using an invitation link from their Fiddler Org Admin before using SSO (unless auto-provisioning is configured).
Fiddler stores only the user's first name, last name, email address, and OIDC token.
For API access, you need to create an access token from the "Credentials" tab in Fiddler's page (direct Okta authentication isn't supported for APIs).