Self-hosting Apidog
  1. Configuration
Self-hosting Apidog
  • Installation
    • Installation Overview
    • Obtaining Apidog On-premises License
    • Running Apidog on Docker
    • Running Apidog on Kubernetes
    • Running Apidog Multi-Container Deployment without Kubernetes
    • Admin Panel
    • Installing Apidog Client
    • Backing up Apidog
    • Renewing Apidog
    • Updating Apidog
    • Supported browsers
    • Privacy
  • Configuration
    • Environment Variables
    • Configuring the application database
    • Configuring the application storage service
    • Using LDAP for authentication
    • Using OKTA for authentication
    • Using OAuth2.0 for authentication
  • Apidog API (coming soon)
  • Troubleshooting
    • Troubleshooting
    • FAQ
  1. Configuration

Using OKTA for authentication

Environment VariableDescriptionDefault ValueOther
OKTA_ENABLEWhether to enable Okta login serviceSupported from version v2.1.24. Set to "true" to enable, or leave blank or unset to disable
OKTA_CLIENT_IDOkta application IDMust be filled in when Okta service is enabled
OKTA_CLIENT_SECRETOkta application access secretMust be filled in when Okta service is enabled
OKTA_DOMAINOkta API access domainMust be filled in when Okta service is enabled
OKTA_LOGIN_USER_ID_ATTRDefault value is "id", used as the unique ID for Okta user attributesidOptional

1. Create an Application#

In the Admin Console, go to the Applications menu and create an application with the following settings:
image.png
image.png

2. Set up application#

Click on the created application to enter the details page. In the General section of the Okta application, most configurations can be left as default. However, there is a specific configuration that needs to be set:
image.png

3. Configure Users and Permissions#

In Okta Assignments, specify the members who can access the Apidog service.
In Okta Api Scopes, allow logged-in users to retrieve their personal information. Set okta.users.read.self to Granted.
image.png
Account synchronization:
After a successful initial login authorization with Okta, the Apidog service will attempt to initialize the account using the Okta email and username.
1.
Binding to an existing account: If a matching email is already registered with an Apidog account, to avoid one user occupying multiple accounts, the current Okta user will be directly bound to the Apidog account corresponding to this email. If a registered user needs to bind, please log in with the username and password, and then modify the email in the account settings to ensure consistency with the Okta email before using Okta to log in.
2.
Duplicate usernames: If the initial username conflicts with another Apidog user, it will be set as { okta username }_{ timestamp } to differentiate it. After successful login, the username can be modified in the account settings.

4. Server Configuration#

OKTA_ENABLE="true"
OKTA_LOGIN_USER_ID_ATTR="id"       // Default is "id"

OKTA_CLIENT_ID="Client ID"         // Corresponds to label 1 in the screenshot below
OKTA_CLIENT_SECRET="Client Secret" // Corresponds to label 2 in the screenshot below
OKTA_DOMAIN="Okta domain"          // Corresponds to label 3 in the screenshot below

Note: The "Screenshot" mentioned above refers to a visual presentation containing the specified labels referring to certain elements or attributes.
Okta Application's General Configuration page, the following configuration information will be automatically generated when creating the application.
image.png
Previous
Using LDAP for authentication
Next
Using OAuth2.0 for authentication
Built with