Okta can be used as an IdP (Identity Provider) to secure the Amazon CloudFront Distribution created by this repository.
In order to get started, login to Okta with an identity that has the ability to create a new Application.
-
Navigate to Applications > Applications
-
Click on Create App Integration and select the following options:
The following options should be selected:
Sign-in method:OIDC - OpenID ConnectApplication type:Web Application
- On the next page under General Settings ensure the following are selected:
The following options should be selected:
Client acting on behalf of a user:Authorization Code
Feel free to name the application anything that suits your use-case and is easy for you and your organization to understand.
-
Navigate to your AWS Account and obtain the generated HTTPS Amazon CloudFront endpoint generated. This will be in the form of https://xyz.cloudfront.net. Copy this full link and save it to in a text editor for the next step.
-
Navigate back to the Okta Application Registration page. Under the Sign-in redirect URIs section, paste in the Amazon CloudFront distribution link obtained from Step 4 and add it as a new Sign-In Redirect URI and appen
/_callbackto the end of the link. As an example, please see the following format:https://xyz.cloudfront.net/_callback.
- Under the Assignments section on the Okta web page, select the set of groups in your organization to scope this Application usage to. Or allow all users (depending on your use-case).
-
Click on
Saveafter you have selected all relevant options and configurations for your use-case. -
Navigate back to the Applications section in Okta and click on the newly-created Application registered from above. Securely copy the Client ID and the Client Secret values
-
Update the AWS Secrets Manager Secret with the Application Client ID and the Client Secret and Base64 encode the JSON document.
-
Congratulations! You have configured your Amazon CloudFront Distribution with Okta!