Configure Okta as an identity provider in BlackBerry UEM
After you create an Okta client, you must create a corresponding identity provider in the BlackBerry UEM management console.
- In the BlackBerry UEM management console, click Settings > BlackBerry Enterprise Identity > Identity providers.
- Click + and select Okta.
- In the Name field, type a name for the identity provider.
- In the OIDC discovery document URL field, type the location of your organization’s Okta server. For example, https://<oktaDomain>.okta.com/oauth2/<authorizationServerName>/.well-known/oauth-authorization, where authorizationServerName is the name of the authorization server in step 7 of Create an Okta app.
- In the Client ID field, enter the same ID that you created in the Create an Okta app task.
- In the Private key JWKS field, enter the private key that you used in the Create an Okta app task. Your entry should be similar to the following.
    "jwks": {
      "keys": [
        {
          "kty": "EC",
          "crv": "P-521",
          "kid": "OJE1cjnUBHGXHtOiHc64gSO1xxNzhoe9sRorb2CCKgU",
          "x": "AV4Ljfyl2eCoP1oyO_U3047BTprKxuwlUm57p7FsQJFMtW1Xks7j8IQe4H0S8tNpd21Q_2NcKiJg5gjWKs0H3Oh6",
          "y": "AIWYPJ-c1UWEWQXO4Zkl3TKCPxCiAqv7ju_vJsO0Jye7zC1SzqAFbfIzCRRq_MJJJfmw2ZbfgtvHmG28avR1O287",
          "alg": "ES512"
        }
      ]
    }
- In the Available services list, select the services that you want to assign to the Okta client and click the right arrow to move the service to the Selected service list. Note that you can assign only one Okta client for each service.
- Click Save.
Create an Enterprise Identity authentication policy and assign it to users or groups. In the policy, add your service in Manage service exceptions and set the minimum authentication level to Level 4.
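
A check that can be run on the Private key JWKS entry before it is pasted into the console, as an added example that is not BlackBerry or Okta code: it rejects repeated member names, curve and algorithm pairs that do not match RFC 7518, and coordinates damaged by pasted spaces or line breaks. The names lint_jwks, require_private, COORD and SAMPLE are hypothetical, the sample key is constructed, and requiring the private "d" member is an assumption that is off by default.

```python
import base64
import json
import re

# RFC 7518: EC curve -> (matching JWS "alg", coordinate length in bytes)
CURVES = {"P-256": ("ES256", 32), "P-384": ("ES384", 48), "P-521": ("ES512", 66)}

def _reject_duplicates(pairs):
    # json.loads keeps the last of two same-named members; fail loudly instead
    names = [name for name, _ in pairs]
    repeated = sorted({n for n in names if names.count(n) > 1})
    if repeated:
        raise ValueError("duplicate member: " + ", ".join(repeated))
    return dict(pairs)

def _decoded_len(value):
    # Unpadded base64url only; a pasted space or line break yields None
    ok = isinstance(value, str) and re.fullmatch(r"[A-Za-z0-9_-]+", value) and len(value) % 4 != 1
    return len(base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))) if ok else None

def lint_jwks(entry, require_private=False):
    """List problems in a Private key JWKS entry (this example checks EC keys only)."""
    text = entry.strip()
    text = "{" + text + "}" if text.startswith('"jwks"') else text  # bare member form
    try:
        doc = json.loads(text, object_pairs_hook=_reject_duplicates)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError subclass
        return [f"not valid JSON: {exc}"]
    jwks = doc.get("jwks", doc) if isinstance(doc, dict) else None
    keys = jwks.get("keys") if isinstance(jwks, dict) else None
    if not isinstance(keys, list) or not keys:
        return ['no "keys" array']
    problems = []
    for i, key in enumerate(keys):
        if not isinstance(key, dict) or key.get("kty") != "EC" or str(key.get("crv")) not in CURVES:
            problems.append(f"key {i}: not an EC key on P-256/P-384/P-521")
            continue
        alg, size = CURVES[key["crv"]]
        if key.get("alg") != alg:
            problems.append(f"key {i}: alg {key.get('alg')!r} does not match {key['crv']}")
        wanted = ("x", "y", "d") if require_private or "d" in key else ("x", "y")
        for member in wanted:
            if _decoded_len(key.get(member)) != size:
                problems.append(f"key {i}: {member} missing or not {size} bytes of base64url")
    return problems

# Constructed sample: 66 zero bytes stand in for coordinates (not a usable key)
COORD = base64.urlsafe_b64encode(bytes(66)).decode()
SAMPLE = '"jwks": ' + json.dumps({"keys": [{"kty": "EC", "crv": "P-521", "alg": "ES512", "x": COORD, "y": COORD}]})
```

The check is structural only: it does not verify that the point lies on the curve or that the key matches the one registered with the Okta app.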