❕ The use of this Sample uses an SDK that requires usage of the Okta Identity Engine. This functionality is in general availability but is being gradually rolled out to customers. If you want to request to gain access to the Okta Identity Engine, please reach out to your account manager. If you do not have an account manager, please reach out to oie@okta.com for more information.
This Sample Application will show you the best practices for integrating Authentication into your app using Okta's Identity Engine. Specifically, this application will cover some basic needed use cases to get you up and running quickly with Okta. These Examples are:
- Sign In
- Sign Out
- Sign Up
- Sign In/Sign Up with Social Identity Providers
- Sign In with Multifactor Authentication using Email or Phone
For information and guides on how to build your app with this sample, please take a look at the .NET guides for Embedded Authentication, starting with Get set up
Before running this sample, you will need the following:
- An Okta Developer Account, you can sign up for one at https://developer.okta.com/signup/.
- An Okta Application, configured for Web mode. This is done from the Okta Developer Console and you can find instructions here. When following the wizard, use the default properties. They are designed to work with our sample applications.
Clone this repo and add your Okta configuration by following the IDX SDK Configuration Reference
Note: This application assumes you have your configuration in an okta.yaml file located in a .okta folder in the application or project's root directory. The
IdxClient, which is provided to the application via DI in theApp_Start > UnityConfig.csfile, grabs the required configuration from the yaml file.
Now start your server and navigate to https://localhost:44314 in your browser.
If you see a home page that allows you to login, then things are working!
You can login with the same account that you created when signing up for your Developer Org, or you can use a known username and password from your Okta Directory.
To see some examples for use cases using this sample application, please take a look at the .NET guides for Embedded Authentication
UI testing project embedded-auth-with-sdk.E2ETests uses SpecFlow and Selenium with chrome driver. In order to run the tests, several configuration values need to be defined in the settings.json or in the system environment. Although this is not required, sensitive data should be kept as environment variables.
DirectAuthWebSitePath- local path to embedded-auth-with-sdk project:<...>\okta-idx-dotnet\samples\samples-aspnet\embedded-auth-with-sdk\embedded-auth-with-sdk.okta_testing_A18nApiKey- Api key for A18N service.okta_testing_OktaSocialIdpMfaUserEmail- pre-created Okta user's name to test Okta as social IDP provider. The user should be already registered as an Okta user in the main org and added to theMFA Requiredor equivalent group.okta_testing_OktaSocialIdpMfaUserPassword- pre-created Okta user's password to test Okta as social IDP provider.okta_testing_GoogleUserEmail- pre-created Google user's name. It should not exist in Okta's People Directory.okta_testing_GoogleUserPassword- password for the Google user.okta_testing_UserPassword- This value is used as a first part of a password for newly created Okta users, second part is a randomly generated value.
Following are non-sensitive configuration values which reside in settings.json file in the project's root. To set them in the system environment, add okta_testing_ prefix to a variable name:
A18nProfileTag- value fordisplayNamefield for A18n profiles.IISPort- sample project will be listening on this port.
Note: currently sample project is started on http using IISExpress.
MfaRequiredGroup- new users will be added to this group in MFA-related scenarios.PhoneEnrollmentRequiredGroup- new users will be added to this group in the scenarios where phone authenticator is used.ScreenshotsFolder- screenshot will be saved to this location when a test fails.
Example of the settings.json:
{
"okta": {
"testing": {
"A18nProfileTag": "okta-idx-dotnet",
"IISPort": 8080,
"MfaRequiredGroup": "MFA Required",
"PhoneEnrollmentRequiredGroup": "Phone Enrollment Required",
"ScreenshotsFolder": "c:/screenshots"
}
}
}This functionality uses Okta .NET management SDK to get the recovery token and requires additional configuration parameters to be provided. Detailed information on Okta SDK Client configuration can be found in this reference.
-
Make sure you are using the latest version of the
Selenium.WebDriver.ChromeDrivedependency and try again. -
Make sure all the required API tokens (Test org API token, Okta as external IDP org API token, A18n API Key) are still valid.
-
Make sure Okta as external IDP is properly configured (5.x scenarios). Check out here for details on how to configure Okta as your external IDP. The UserInfo endpoint should be provided.
-
Make sure the required ENV VARs are properly set and still valid:
SETX okta_testing_OktaSocialIdpMfaUserPassword <VALUE>
SETX okta_testing_OktaSocialIdpMfaUserEmail <VALUE>
SETX okta_testing_OktaOidcIdpToken <VALUE>
SETX okta_testing_OktaOidcIdpDomain <VALUE>
SETX okta_testing_GoogleUserPassword <VALUE>
SETX okta_testing_GoogleUserEmail <VALUE>