diff --git a/frontend-react/docs/okta.md b/frontend-react/docs/okta.md new file mode 100644 index 00000000000..db98dcc567b --- /dev/null +++ b/frontend-react/docs/okta.md @@ -0,0 +1,13 @@ +# Okta-side configuration + +Our frontend is configured to identify as the "Web" application. + +## Dev-side configuration + +Our use of okta in frontend is configured by the following environment variables whose values can be found in the application listing within Okta: +-VITE_OKTA_CLIENTID +-VITE_OKTA_URL + +These variables can be assigned locally for local development (.env.*.local) or by github actions (using values in secrets storage either in github itself or azure). + +We use Okta's [Embedded Sign-In Widget for React](https://developer.okta.com/docs/guides/sign-in-to-spa-embedded-widget/react/main/), which includes other Okta-related libraries for react, to handle okta workflows. \ No newline at end of file diff --git a/prime-router/docs/getting-started/swagger.md b/prime-router/docs/getting-started/swagger.md index 8194d47b68e..0829fbcbd25 100644 --- a/prime-router/docs/getting-started/swagger.md +++ b/prime-router/docs/getting-started/swagger.md 
@@ -62,15 +62,15 @@ Starting from the Okta section in the `Authorize` menu 1. Login to OKTA as an administrator and click the "Admin" button in the top-right 2. In the left pane, navigate Applications -> applications -3. In the resulting right pane, select the instance to be configured (e.g. `Simple Report (localdev)`) +3. In the resulting right pane, select the instance to be configured (e.g. `Swagger`) 4. Viewing the details of the instance, you will see a `client_id` and `client_secret` (be sure to mask these values) 5. Under General Settings, ensure the "Authorization Code" flow is checked 6. Under Login, ensure this value appears in the sign-in redirect URI list: `http://127.0.0.1:10000/devstoreaccount1/apidocs/oauth2-redirect.html` 7. Ensure the application instance is associated with your OKTA account. Select assignment at the top of the page and ensure your username is selected. -8. You need to associate "Simple Report (localdev)" with you - your OKTA account (your email/password/MFA) - To do so, click the assignment on top of the page and you will see all the users : Joe Smith, Jane Doe etc., select your user name, and you will be tied to the app - Simple Report (localdev) +8. You need to associate "Swagger" with you - your OKTA account (your email/password/MFA) + To do so, click the assignment on top of the page and you will see all the users : Joe Smith, Jane Doe etc., select your user name, and you will be tied to the app - Swagger #### Server-to-server diff --git a/prime-router/docs/okta/admin-management.md b/prime-router/docs/okta/admin-management.md new file mode 100644 index 00000000000..f79ef9ee6fb --- /dev/null +++ b/prime-router/docs/okta/admin-management.md 
@@ -0,0 +1,39 @@ +# Admin Management + +More details about the organization within okta can be found in [this doc](https://cdc.sharepoint.com/:p:/r/teams/ReportStream/_layouts/15/Doc.aspx?sourcedoc=%7B313111b2-502c-4f60-ac8c-bbcf3c9b1dab%7D&action=edit&wdPreviousSession=a28aeb1e-02b3-b6be-49ab-cafb30120e6f) + +Okta admin potential responsibility areas are: +- App registry management +- User/group management +- Security configuration management +- Log checking + +ReportStream's Okta has the following specialized admin roles for team members: +- Owners +- Support Team +- Onboarding Engineers +- Front-end Engineers +- Tech Leads + + +## App registry management + +The app registry page can be found by the following side-navigation: Applications > Applications. + +All reportstream-developed programs with authentication elements should be configured towards an application listed on this page. + + +## User/Group management + +Accessible via the side-navigation: Directory > People or Directory > Groups + +## Security configuration management + +The policies are enforced in the following order (accessed through "Security" in side-navigation): +- Global Session Policy +- Authentication Policy +- Password Policy (from side-navigation: Security > Authenticators > Click Actions for the "Password" table line > Edit) + +## Log checking + +The global log can be accessed from side-navigation: Reports > System Log. They can also be filtered by user by going to the user's management page (side-navigation: Directory > People) and clicking "View Logs". \ No newline at end of file diff --git a/prime-router/docs/onboarding-users/receivers.md b/prime-router/docs/onboarding-users/receivers.md index 5ff677f3d70..1d141e11d14 100644 --- a/prime-router/docs/onboarding-users/receivers.md +++ b/prime-router/docs/onboarding-users/receivers.md 
@@ -176,7 +176,7 @@ output here: `/prime-router/build/sftp` ### 5. Create access to the Download site -* If the organization has elected for download access, set up an Okta account. +* If the organization has elected for download access, [set up an Okta account](./okta-account-creation.md). * If you are testing in Test, obviously you'll need to set up access to that download site. ### 6. Validation in Prod
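Review bot: In the new `frontend-react/docs/okta.md`, the two environment-variable lines `-VITE_OKTA_CLIENTID` and `-VITE_OKTA_URL` are missing the space after the hyphen, so Markdown renders them as one paragraph rather than a list; change them to `- VITE_OKTA_CLIENTID` and `- VITE_OKTA_URL`. The same file also says these values "can be found in the application listing within Okta" and may be set in `.env.*.local`; it would help to state that `.env.*.local` files must stay untracked (gitignored) so the client id and Okta URL for each environment are not committed alongside the source.

Review bot: In the `swagger.md` hunk, step 7 and the rewritten step 8 both describe assigning the "Swagger" application to your own Okta user via the Assignments tab, so one of them should be dropped or merged to avoid the reader doing the same action twice. Step 4 tells the reader to "mask these values" for `client_id` and `client_secret`; since the secret is what the Authorization Code flow depends on, consider saying explicitly that the `client_secret` must not be pasted into docs, tickets or committed config, and should only be entered into the Swagger `Authorize` dialog at runtime.

Review bot: In the new `prime-router/docs/okta/admin-management.md`, the SharePoint link carries `action=edit` and a `wdPreviousSession=...` query parameter, which is a per-session value that does not belong in a checked-in document; trim the URL to the stable `sourcedoc` form so it does not go stale or leak session context. The list of specialized admin roles (Owners, Support Team, Onboarding Engineers, Front-end Engineers, Tech Leads) is given without saying which of the four responsibility areas each role is granted; a short mapping would make the least-privilege intent of the role split clear to whoever next assigns an admin role. The file also lacks a trailing newline.

Review bot: In the `receivers.md` hunk, the new link `[set up an Okta account](./okta-account-creation.md)` points at a file that is not added or modified in this patch; confirm `prime-router/docs/onboarding-users/okta-account-creation.md` already exists on the base branch, otherwise the link will be broken once merged.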