Okta

The Okta connector integrates the Maverics Orchestrator with the Okta identity platform — enabling OIDC-based single sign-on for your applications.

Console terminology: In the Maverics Console, this section is called Identity Fabric. The YAML configuration uses the connectors key to define identity provider integrations.

Overview

The Okta connector uses OpenID Connect to federate authentication with Okta. It uses type: okta in the connector configuration and supports standard OIDC flows — allowing you to consolidate SSO across applications and bridge Okta-managed identities with legacy applications that lack native Okta support.

Use Cases

SSO consolidation — Extend Okta SSO to legacy and on-premises applications without code changes
Okta-to-legacy bridging — Translate modern OIDC tokens into header-based or cookie-based authentication
Multi-IdP orchestration — Route authentication to Okta alongside other identity providers

Configuration

Console UI
Configuration

Console UI documentation is coming soon. This section will walk you through configuring this component using the Maverics Console’s visual interface, including step-by-step screenshots and field descriptions.

Okta configuration screen in Maverics Console

connectors:
  - name: okta
    type: okta
    oidcWellKnownURL: "https://{{ env.OKTA_ORG }}.okta.com/.well-known/openid-configuration"
    oauthClientID: "{{ env.OKTA_CLIENT_ID }}"
    oauthClientSecret: <vault.okta_client_secret>
    oauthRedirectURL: "https://app.example.com/oidc/callback"
    scopes: "openid profile email"

The Okta well-known URL follows the org-based pattern: {org}.okta.com. If you are using a custom authorization server, use the path {org}.okta.com/oauth2/{server-id}/.well-known/openid-configuration.

Configuration Reference

Key	Type	Required	Description
`name`	string	Yes	Unique connector identifier referenced in app policies
`type`	string	Yes	Must be `okta`
`oidcWellKnownURL`	string	Yes	OIDC discovery endpoint URL (org-specific)
`oauthClientID`	string	Yes	OAuth 2.0 client ID from the Okta admin console
`oauthClientSecret`	string	Yes	OAuth 2.0 client secret (use secret reference syntax)
`oauthRedirectURL`	string	Yes	Callback URL registered with the Okta application
`scopes`	string	No	Space-separated OAuth scopes (default: `openid profile email`)
`oauthExtraParams`	map	No	Additional query parameters for the authorization request
`tls`	string	No	Named TLS profile for provider communication

For the complete field reference including health checks, offline access, and PKCE settings, see Identity Fabric.

Troubleshooting

Verify the oidcWellKnownURL is accessible from the Orchestrator host — ensure the Okta org name is correct
Ensure the oauthRedirectURL matches exactly what is registered in the Okta application under Sign-in redirect URIs
Check that the client secret reference resolves correctly via your secret provider

Identity Fabric

Overview of all identity providers

Azure AD

OIDC connector for Microsoft Entra ID

Auth0

OIDC connector for Auth0 by Okta

Custom OIDC

Generic OpenID Connect connector

Console Administration

Orchestration

Overview

Use Cases

Configuration

Configuration Reference

Troubleshooting

Identity Fabric

Azure AD

Auth0

Custom OIDC

Console Administration

Orchestration

​Overview

​Use Cases

​Configuration

​Configuration Reference

​Troubleshooting

​Related Pages

Identity Fabric

Azure AD

Auth0

Custom OIDC

Overview

Use Cases

Configuration

Configuration Reference

Troubleshooting

Related Pages