Okta Integration

Monkton, Inc.

Rebar enables integration and authentication with Okta for apps built with Rebar. Okta is easy to enable in both the Rebar Hub and in the app itself.

Before getting started with Okta, you will need to have an Okta account configured and ready to go. You will need to know your Okta URL (the host name for your Okta account) as well as, on a per app basis, your Client Id (apps can share Client Id values).

Configuring Okta Globally in Rebar

To configure Okta, you must be a super administrator in the Rebar Hub. Navigate to the Configure tab and then to Okta Configuration to manage the Rebar Hub settings for Okta.

This will ask for two pieces of data:

  • Host Name
  • Refresh Interval

Okta Host

To authenticate with Okta, you must provide your Okta root host name. For example, monkton.okta.com is Monkton's main Okta host. This will be the basis of authenticating apps with Okta.

Refresh Interval

Due to the nature of mobile apps and how they work, there is incongruent policy from NIST on AAL-2 authentication with mobile apps. AAL-2 is written for desktop browsers in a shared environment.

Once a user has authenticated with Okta, the Rebar SDK sends the Rebar Hub the authentication information from Okta. This includes the user's identity, access token, and refresh token.

The Rebar Hub leverages the refresh token to periodically verify that the user is still valid within Okta. Set this refresh interval to your desired value based on risk.

Configuring Okta in Apps

The final piece is configuring apps for Okta. To add a new app in Okta, follow the steps below:

Create a new Application in Okta

After authenticating with Okta, navigate to:

  • Applications and tap Add Application
  • Under Add Application tap Create New App
  • Select Native Application for Platform
  • Select OpenID Connect for Sign on Method
  • Tap Create

Once the next page displays, provide the requisite details for your application:

  • Provide the Application name
  • Provide the Login redirect URIs. Example: io.monkton.rebarsample:/callback

Note: You should use your app bundle identifier for the redirect URI.

Required Grant Types

Ensure that you have selected the following options for Allowed grant types:

  • Refresh Token
  • Authorization Code

Note: If these values are not selected, Rebar cannot use Okta and authentication errors will result.
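
The settings above can be checked against an exported app definition before pointing Rebar at it. The following is an added example, not code from Rebar or Monkton: it assumes the definition has the JSON shape of an Okta Apps API OIDC application object, treats the bundle identifier as the redirect URI scheme (as in the example URI above), and uses a constructed sample app and a hypothetical check_okta_app helper.

```python
import json
from urllib.parse import urlsplit

# Grant types the page says must be selected for Rebar to work.
REQUIRED_GRANTS = {"authorization_code", "refresh_token"}

# Constructed sample of an OIDC app definition (assumed Okta Apps API shape);
# the label is illustrative, the redirect URI is the page's example.
SAMPLE_APP = json.loads("""
{
  "label": "Rebar Sample",
  "signOnMode": "OPENID_CONNECT",
  "settings": {
    "oauthClient": {
      "application_type": "native",
      "grant_types": ["authorization_code", "refresh_token"],
      "redirect_uris": ["io.monkton.rebarsample:/callback"]
    }
  }
}
""")


def check_okta_app(app, bundle_id):
    """Return a list of findings; an empty list means the app matches the page."""
    findings = []
    client = app.get("settings", {}).get("oauthClient", {})

    if app.get("signOnMode") != "OPENID_CONNECT":
        findings.append("sign-on method is not OpenID Connect")
    if client.get("application_type") != "native":
        findings.append("platform is not Native Application")

    missing = REQUIRED_GRANTS - set(client.get("grant_types", []))
    for grant in sorted(missing):
        findings.append(f"missing grant type: {grant}")

    # Assumption: the redirect URI uses the app bundle identifier as its scheme.
    schemes = {urlsplit(u).scheme for u in client.get("redirect_uris", [])}
    if bundle_id.lower() not in schemes:
        findings.append(f"no redirect URI uses scheme {bundle_id}")
    return findings


if __name__ == "__main__":
    for line in check_okta_app(SAMPLE_APP, "io.monkton.rebarsample") or ["OK"]:
        print(line)
```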

Configuring Okta for Apps

Once you have created your Okta Application, you will add the values in two places:

  1. Edit the Application definition on the Rebar Hub
  2. Add the following fields to your app-config.json configuration file:

Rebar Hub Configuration

Navigate to your App in the Rebar Hub.

  • Tap Security Configuration
  • Scroll to Okta Configuration
  • Enter your Client Id
  • Tap Save

Okta will now apply that value for all app bundles under that app.

Okta Configuration for iOS

The Rebar iOS Okta configuration is located here

Okta Configuration for Android

The Rebar Android Okta configuration is located here