Self-hosting Apidog
  1. Authentication Providers
Self-hosting Apidog
  • Overview
  • Introduction
    • Obtaining Apidog On-Premises License
    • System Requirements
    • Data Privacy & Compliance
  • Deployment
    • Running Apidog on Docker
    • Running Apidog on Kubernetes
    • Running Apidog Multi-Container Deployment without Kubernetes
  • Post Deployment
    • Accessing Apidog Admin Panel
    • Accessing Apidog Web Interface
    • Installing Apidog On-Premises Client
  • Configurations
    • Environment Variables
    • Database Configuration
    • Storage Services Configuration
    • Git Connection Configuration
    • Authentication Providers
      • Using LDAP for Authentication
      • Using OKTA for Authentication
      • Using OAuth2.0 for Authentication
  • Maintenance & Upgrades
    • Updating Apidog
    • Backing up Apidog
    • License Renewal
    • System Design Flow
  • Troubleshooting
    • Troubleshooting
    • FAQ
  • Apidog API (coming soon)
  1. Authentication Providers

Using OKTA for Authentication

Environment VariableDescriptionDefault ValueOther
OKTA_ENABLEWhether to enable Okta login serviceSupported from version v2.1.24. Set to "true" to enable, or leave blank or unset to disable
OKTA_CLIENT_IDOkta application IDMust be filled in when Okta service is enabled
OKTA_CLIENT_SECRETOkta application access secretMust be filled in when Okta service is enabled
OKTA_DOMAINOkta API access domainMust be filled in when Okta service is enabled
OKTA_LOGIN_USER_ID_ATTRDefault value is "id", used as the unique ID for Okta user attributesidOptional

1. Create an Application#

In the Admin Console, navigate to the Applications menu, and then Click Create Application and configure the application with the following settings:
Settings:
Sign-in method: OIDC
Application type: Web Application
image.png
#
image.png

2. Set up application#

Click on the newly created application to open the Details page. In the General section of the Okta application, most configurations can be left as default. However, there is one specific configuration that must be set:
Settings:
Sign-in redirect URI: {BASE_URL}/passport/okta/callback
Sign-out redirect URI: {Front-end Origin }
image.png

3. Configure Users and Permissions#

In the Okta Assignments section, specify the members who should have access to the Apidog service. While in the Okta API Scopes section, grant logged-in users permission to retrieve their personal information by setting okta.users.read.self to Granted.
image.png
Account synchronization:
After a successful initial login authorization with Okta, Apidog will attempt to initialize the account using the Okta email and username.
1.
Binding to an Existing Account: If an email from Okta matches an existing Apidog account, the Okta user will be directly bound to that account to prevent one user from occupying multiple accounts. If you need to bind to an existing account, log in with your username and password, modify the email in the Account Settings to match the Okta email, and then use Okta for subsequent logins.
2.
Duplicate Usernames: If the initial Okta username conflicts with an existing Apidog username, the Okta username will be modified to {okta_username}_{timestamp} to avoid duplication. After the initial login, you can change the username in your Account Settings.

4. Server Configuration#

OKTA_ENABLE="true"
OKTA_LOGIN_USER_ID_ATTR="id"       // Default is "id"

OKTA_CLIENT_ID="Client ID"         // Corresponds to label 1 in the screenshot below
OKTA_CLIENT_SECRET="Client Secret" // Corresponds to label 2 in the screenshot below
OKTA_DOMAIN="Okta domain"          // Corresponds to label 3 in the screenshot below

Note: The "Screenshot" mentioned above refers to a visual presentation containing the specified labels referring to certain elements or attributes.
On the Okta Application's General Configuration page, the following configuration details will be automatically generated when the application is created:
image.png
Modified at 2025-12-08 05:03:55
Previous
Using LDAP for Authentication
Next
Using OAuth2.0 for Authentication
Built with