Okta OIDC SSO Integration
These instructions will help administrators configure Fiddler for use with an existing Okta single sign-on application.
Okta Setup:
Set up an OIDC configuration in Okta:
Select "Web Application" as the application type.
Configure the following URLs (replace
{base_url}
with your Fiddler deployment URL):Sign-in redirect URI -
{base_url}/api/sso/okta/callback
Sign-out redirect URI -
{base_url}
Base URI -
{base_url}
Enable "Authorization Code" grant for user authorization.
Configuring Okta grant type and sign-in redirect URI Configuring Okta sign-out redirect URI and base URI
Copy the client credentials from the "General" section:

Note your Okta domain and set up the group claim filter in the "Sign On" section:

Share the following details with the Fiddler services team:
Okta domain
Client ID
Client Secret
Okta Account Type (default or custom)
Deployment instructions
Create a
<secret-filename>.yaml
file using this template:
apiVersion: v1
kind: Secret
metadata:
name: fiddler-sso-okta-credentials
namespace: <NAMESPACE_NAME>
data:
sso-okta-issuer: <OKTA_ISSUER> # https://<okta_domain>
sso-okta-authorize-url: <AUTHORIZE_URL> # https://<okta_domain>/oauth2/v1/authorize
sso-okta-token-url: <TOKEN_URL> # https://<okta_domain>/oauth2/v1/token
sso-okta-user-info-url: <USER_INFO_URL> # https://<okta_domain>/oauth2/v1/userinfo
sso-okta-client-id: <CLIENT_ID>
sso-okta-client-secret: <CLIENT_SECRET>
sso-okta-domain: <DOMAIN> # <okta_domain>
authorization-type: <AUTHORIZATION_TYPE> # default
type: Opaque
Important:
Base64 encode all values (On macOS, use
echo -n "string to encode" | base64
).Do not use double quotes in any values.
You can retrieve Okta URLs from
https://<okta_domain>/.well-known/openid-configuration
.
Apply the Kubernetes secret to your cluster:
kubectl apply -f <secret-filename>.yaml -n fiddler
Update your Helm values file with these settings:
fiddler:
auth:
sso:
provider: okta
okta:
secretName: fiddler-sso-okta-credentials
Note: The new SSO settings apply once deployments are updated.
Logging into Fiddler:
After setup is complete:
Go to the Fiddler login page.
Click "Sign in with SSO".
Complete authentication on the Okta login screen.
If authentication succeeds, you'll be redirected to the Fiddler homepage.

Important Notes
Users must register with Fiddler using an invitation link from their Fiddler Org Admin before using SSO (unless auto-provisioning is configured).
Fiddler stores only the user's first name, last name, email address, and OIDC token.
For API access, you need to create an access token from the "Credentials" tab in Fiddler's Settings page (direct Okta authentication isn't supported for APIs).
Last updated
Was this helpful?