
Integrate Okta with ZTP using OIDC


Prerequisites

This integration requires the following:

  • Okta Identity Cloud account with admin credentials

  • An active ZTP account, accessible using the Bootstrap Identity provided by AppGate

  • A test user account on your Okta cloud directory with at least the following attributes configured:

    • email, for example: joe.smith@mycompany.com

    • firstName, for example: Joe

    • lastName, for example: Smith

Step 1: Add a new application in Okta

  1. Log in to your Okta admin account. Confirm that you are on the Admin UI, not the end-user dashboard.

  2. In the left menu, go to Applications and click Create App Integration.

  3. For Sign-in method, select OIDC – OpenID Connect. For Application type, select Web Application.

  4. On the New Web App Integration page, enter a name for the application, for example: AppGate ZTP.

  5. Leave all other fields at their default values and click Save.

Step 2: Record the client credentials

  1. In the General tab of the application settings, record the Client ID value.

  2. Click Edit.

  3. In the Sign-in redirect URI field, enter a placeholder URL, for example: https://example.com. You will replace this value after completing the ZTP configuration form.

  4. In the Sign-out redirect URI field, enter the same placeholder URL.

  5. Click Save.

  6. Record the Client ID and Client Secret values from the General tab before proceeding to configure the IdP in ZTP.

Step 3: Configure the IdP in ZTP

  1. In ZTP, go to Settings > Identity Providers in the left menu.

  2. Click Add New and select Open ID provider.

  3. Complete the form using the following values:

    • Name*: Okta - OIDC

    • Audience/Client ID*: The Client ID value recorded from Okta in Step 2.

    • Client Secret*: The Client Secret value recorded from Okta in Step 2.

    • Authentication URL*: https://[identity-provider-hostname]/oauth2/default/v1/authorize

    • Token URL*: https://[identity-provider-hostname]/oauth2/default/v1/token

    • User Info URL: https://[identity-provider-hostname]/oauth2/default/v1/userinfo

    • JWKS URL: https://[identity-provider-hostname]/oauth2/default/v1/keys

    • Email Attribute*: email

    • First Name Attribute*: given_name

    • Last Name Attribute*: family_name

    • Username Attribute*: username

  1. Copy the Redirect URI from the ZTP configuration form by clicking the copy to clipboard button.

  2. In Okta, set the Sign-in redirect URI field to the Redirect URI you copied from ZTP.

  3. Set the Sign-out redirect URI field to the same Redirect URI, appending /logout_response to the end of the URL.

  4. Click Save and test the integration.
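The following script is an added example and is not AppGate or Okta code. It models the procedure above end to end: it derives the endpoint URLs from an Okta hostname exactly as the ZTP form lists them, derives the Sign-out redirect URI by appending /logout_response to the Sign-in redirect URI, and then checks the claims of a token returned by the Token URL or User Info URL the way a relying party such as ZTP must before trusting them (issuer, audience, expiry, and the email, given_name, family_name and username attributes the form maps). The hostname, client ID and redirect URI are constructed placeholders, and the assumption that the issuer for Okta's default authorization server is the /oauth2/default base path is mine; signature verification against the JWKS URL is assumed to be done by the OIDC library and is not shown.

```python
"""Model of the Okta/ZTP OIDC settings from this page (added example)."""
import base64
import json
import time

# ZTP form field -> OIDC claim, as listed in the ZTP configuration table.
REQUIRED_CLAIMS = {
    "email": "email",
    "first_name": "given_name",
    "last_name": "family_name",
    "username": "username",
}


def build_idp_config(okta_hostname, client_id, client_secret, ztp_redirect_uri):
    """Return the values entered into the ZTP 'Open ID provider' form.

    okta_hostname is the bare host that replaces [identity-provider-hostname].
    """
    if not okta_hostname or "/" in okta_hostname:
        raise ValueError("okta_hostname must be a bare hostname, not a URL")
    if not ztp_redirect_uri.startswith("https://"):
        raise ValueError("the ZTP Redirect URI must use https")
    base = f"https://{okta_hostname}/oauth2/default"
    return {
        "name": "Okta - OIDC",
        "client_id": client_id,
        "client_secret": client_secret,
        # Assumption: the 'iss' claim of tokens from the default authorization
        # server equals this base path.
        "issuer": base,
        "authentication_url": f"{base}/v1/authorize",
        "token_url": f"{base}/v1/token",
        "user_info_url": f"{base}/v1/userinfo",
        "jwks_url": f"{base}/v1/keys",
        "sign_in_redirect_uri": ztp_redirect_uri,
        # Step 3 of the final section: same URI with /logout_response appended.
        "sign_out_redirect_uri": ztp_redirect_uri + "/logout_response",
    }


def decode_jwt_payload(token):
    """Decode the claims segment of a compact JWT (no signature check here)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def validate_claims(claims, config, now=None):
    """Check issuer, audience and expiry, then map claims to ZTP attributes.

    Returns (ok, problems, attributes); attributes is empty of any claim
    that is missing, and every failed check is listed in problems.
    """
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != config["issuer"]:
        problems.append("iss mismatch")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if config["client_id"] not in audiences:
        problems.append("aud does not contain client_id")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    attrs = {}
    for ztp_field, claim in REQUIRED_CLAIMS.items():
        if claims.get(claim):
            attrs[ztp_field] = claims[claim]
        else:
            problems.append(f"missing required claim {claim}")
    return (not problems, problems, attrs)


def make_sample_token(claims):
    """Build a sample compact JWT with a placeholder signature (test data only)."""
    def seg(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return seg({"alg": "RS256", "kid": "constructed"}) + "." + seg(claims) + ".placeholder"


if __name__ == "__main__":
    # Constructed values; replace with the ones from your Okta tenant and ZTP form.
    cfg = build_idp_config("dev-000000.okta.com", "0oa-constructed-client",
                           "constructed-secret", "https://ztp.example.com/oidc/callback")
    sample = {"iss": cfg["issuer"], "aud": cfg["client_id"], "exp": 2_000_000_000,
              "email": "joe.smith@mycompany.com", "given_name": "Joe",
              "family_name": "Smith", "username": "joe.smith"}
    ok, problems, attrs = validate_claims(decode_jwt_payload(make_sample_token(sample)),
                                          cfg, now=1_900_000_000)
    print(cfg["sign_out_redirect_uri"], ok, problems, attrs)
```

Running it prints the derived Sign-out redirect URI and the mapped attributes for the constructed test user; swapping the audience or removing a claim in the sample shows how a token from a different client or a user missing one of the prerequisite attributes is rejected rather than partially accepted.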