| Step # | Description of Action | Expected Result |
| --- | --- | --- |
| 1 | Log into Okta as an Okta Administrator. | Log into Okta is successful. |
| 2 | Expand the Security dropdown in the menu bar on the left-hand side of the screen and select API. | API screen is presented. |
| 3 | Click on the + Add Authorization Server button in the API screen. | Add Authorization Server dialog box is presented. |
| 4 | In the Add Authorization Server dialog box, populate the following values:<br>- Name: Vault Mobile<br>- Audience: Vault<br>- Description: Authorization for Vault Mobile.<br>Click Save. | The newly created Authorization server is presented. |
| 5 | Record the Metadata URI externally. Within the URI, replace “oauth-authorization-server” with “openid-configuration”. | The Metadata URI is updated and recorded. |
| 6 | Click the Access Policy tab on the Authorization Server record. | The Access Policy screen is presented. |
| 7 | Click the Add New Access Policy button. | The Add Policy dialogue box appears. |
| 8 | Populate the following information:<br>- Name: All<br>- Description: An open access policy.<br>Leave all other fields in the default value.<br>Click Create Policy. | A new Access Policy is created. |
| 9 | Click the Add Rule button in the newly created Access Policy. | The Add Rule dialogue box appears. |
| 10 | Populate the following values:<br>Leave all fields in their default values.<br>Click Create rule. | A new Rule record appears in the rule section. |
| 11 | Expand the Applications dropdown in the menu bar on the left-hand side of the screen and select Applications. | Applications screen is presented. |
| 12 | Click on the Create App Integration button in the Applications screen. | Create a new app integration dialog is presented. |
| 13 | In the Create a new app integration dialog box, make the following selections:<br>- Sign-in method: OIDC – OpenID Connect<br>- Application type: Native Application<br>Click Next. | The New Native App Integration screen is presented. |
| 14 | In the New Native App Integration screen, update the fields with the following information:<br>- App integration name: Vault Mobile<br>- Grant Type: Select Refresh Token<br>- Sign-in redirect URIs: com.veeva.vaultmobile://authorize<br>- Remove Sign-out redirect URIs<br>- Initiate login URI: com.veeva.vaultmobile://authorize<br>- Controlled Access: Allow everyone in your organization<br>- Deselect Enable immediate access with Federation Broker Mode<br>Click Save. | The newly created Application is presented. |
| 15 | In the General Settings section, click Edit and deselect the Require consent checkbox.<br>Click Save.<br>Record the Client ID. | The Application is updated. |
| 16 | Log in to Vault as the Domain Admin user. | Log in to Vault is successful. |
| 17 | Navigate to Admin > Settings > OAuth 2.0 / OpenID Connect Profiles. | OAuth 2.0 / OpenID Connect Profiles screen is presented. |
| 18 | Click the + Create button. | Create OAuth 2.0 / OpenID Connect Profiles screen is presented. |
| 19 | Populate the following:<br>Label: Okta OAuth<br>Status: Active<br>Click Upload AS Metadata<br>- Select Provide Authorization Server Metadata URL<br>- Paste previously recorded metadata URI<br>- Click Continue.<br>Authorization Server Provider: Okta<br>User ID Type: Federated ID<br>Uncheck Perform strict Audience Restriction validation<br>Click the Save button. | The newly created OAuth 2.0 / OpenID Connect Profile is presented. |
| 20 | Under the Client Applications section, click + Add. | A New Client Application dialog box appears. |
| 21 | Populate the following:<br>Application Label: Vault Mobile<br>Application Client ID: vaultmobile<br>Authorization Server Client ID: Insert previously recorded Client ID<br>Click OK. | A new Client Application record appears in the Client Applications section. |
| 22 | Navigate to the Security Policies section. | The Security Policies screen is presented. |
| 23 | Click on the Okta security policy. | The selected Security Policy screen is presented. |
| 24 | Click the Edit button and populate the following:<br>- OAuth 2.0 / OpenID Connect Profile: Select the previously created profile.<br>Click Save. | The Security Policy is updated. |
| 25 | Log out of Vault. | Log out of Vault is successful. |
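
Steps 5 and 19 rely on the rewritten Metadata URI resolving to a consistent discovery document. The following is an added example, not part of the original procedure or of any Okta or Veeva code: it rewrites the recorded URI and checks a discovery document before the URI is pasted into Vault. The org domain, server id and sample document are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, urlunsplit

OLD = "/.well-known/oauth-authorization-server"
NEW = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def to_openid_configuration(metadata_uri: str) -> str:
    """Step 5: swap the well-known suffix; any query or fragment is dropped."""
    parts = urlsplit(metadata_uri.strip())
    if parts.scheme != "https":
        raise ValueError("Metadata URI must use https")
    if not parts.path.endswith(OLD):
        raise ValueError("URI does not end in " + OLD)
    path = parts.path[: -len(OLD)] + NEW
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def check_metadata(doc: dict, config_uri: str) -> list:
    """Return a list of problems found in a fetched discovery document."""
    problems = [f"missing field: {k}" for k in REQUIRED if not doc.get(k)]
    issuer = doc.get("issuer", "")
    # OpenID Connect Discovery: the document is served at issuer + NEW.
    if issuer.rstrip("/") + NEW != config_uri:
        problems.append("issuer does not match the URI the document came from")
    for key in REQUIRED[1:]:
        value = doc.get(key, "")
        if value and urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https")
    # Assumption: the server advertises the grant selected in step 14.
    if "refresh_token" not in doc.get("grant_types_supported", []):
        problems.append("refresh_token grant not advertised (selected in step 14)")
    return problems


# Constructed sample values: the org domain and server id are placeholders.
RECORDED_URI = "https://example.okta.com/oauth2/ausEXAMPLE/.well-known/oauth-authorization-server"
CONFIG_URI = to_openid_configuration(RECORDED_URI)
SAMPLE_DOC = {
    "issuer": "https://example.okta.com/oauth2/ausEXAMPLE",
    "authorization_endpoint": "https://example.okta.com/oauth2/ausEXAMPLE/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/ausEXAMPLE/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/ausEXAMPLE/v1/keys",
    "grant_types_supported": ["authorization_code", "refresh_token"],
}

if __name__ == "__main__":
    print(CONFIG_URI)
    print(check_metadata(SAMPLE_DOC, CONFIG_URI) or "metadata looks consistent")
```

In practice, fetch `CONFIG_URI` over HTTPS and pass the parsed JSON to `check_metadata` in place of `SAMPLE_DOC`.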