kPow.IO
kPow.IO
The Ultimate Engineering Toolkit for Apache Kafka®
kPow User Guide
About
Introduction
Our Team
Trials and Licenses
Releases
Support
Data Collection
Installation
Quick Start
System Requirements
Deployment Notes
Minimum ACL Permissions
Application Logs
OpenShift
AWS Marketplace
Troubleshooting
Configuration
Environment Variable Glossary
Kafka Cluster
Schema Registry
Kafka Connect
Multi-Cluster Management
Azure Event Hubs
Confluent Cloud
Redpanda
User Authentication
Overview
LdapLoginModule
PropertyFileLoginModule
JDBCLoginModule
OpenID/OAuth 2.0
GitHub
Okta
SAML
User Authorization
Overview
Simple Access Control
Role Based Access Control
Features
Kafka Streams
Data Governance
Data Policies
HTTPS Connections
Live Mode
Data Inspect
Prometheus Integration
Slack Integration
Kafka Management
Topics
Groups
Brokers
ACLs
Connect
Schema Registry
Powered by GitBook

Okta

This integration configures OpenID Connect as the authentication mechanism with Okta as the identity provider (IdP) and kPow as the relying party.

Create an Okta OpenID Application

  1. Login to your Okta account.

  2. Navigate to Admin > Applications > Add Application > Create New App.

  3. In Create a New Application Integration set these values and click Create:

    • Platform: Web

    • Sign on method: OpenID Connect

  4. In Create OpenID Connect Integration set these values and click Save:

    • Application name: The name of your kPow instance, e.g. 'kPow Staging'.

    • Login redirect URIs: The absolute kPow callback URI, e.g. https://kpow-staging.mycorp.org/oauth2/okta/callback

  5. You will be redirected to the applications settings page.

  6. Navigate to General Settings > Edit, and configure: Initiate login URI: The absolute kPow login URI, e.g: https://kpow-staging.mycorp.org/oauth2/okta

    Optionally, if you would like Okta to appear in your organization's list of Okta apps:

    • Login initiated by: "Either Okta or App" selected.

    • Application visibility:

      • "Display application icon to users" selected.

      • "Display application icon in the Okta Mobile app" selected.

    • Allowed grant types:

      • "Implicit (Hybrid)" selected.

        • "Allow ID Token with implicit grant type" selected.

        • "Allow Access Token with implicit grant type" selected.

  7. Make note of the Client Credentials section that appears below.

  8. Click Assignments and assign users to kPow.

Integrate kPow with Okta OpenID

Set the following environment variables and start kPow:

  • AUTH_PROVIDER_TYPE=okta

  • OKTA_ORGANISATION= the name of your Okta organization, e.g. mycorp

  • OPENID_CLIENT_ID= the Client ID found in Client Credentials.

  • OPENID_CLIENT_SECRET= the Client Secret found in Client Credentials.

  • OPENID_LANDING_URI= The absolute kPow URI, e.g: https://kpow-staging.mycorp.org

kPow will now authenticate users with Okta (OpenID).

User Authorization (RBAC)

See the guide to Role Based Access Control for full configuration details.

Integration

When RBAC is enabled kPow will request groups scope to view the groups associated with an authenticated user. kPow considers Okta groups as roles in your RBAC configuration.

You will need to configure a relevant group claim filter for the kPow OpenID integration:

Previous
GitHub
Next - User Authentication
SAML
Last updated 6 months ago
Contents
Create an Okta OpenID Application
Integrate kPow with Okta OpenID
User Authorization (RBAC)