Skip to content

fix: enhance okta sso #5424

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: enhance okta sso #5424

wants to merge 1 commit into from
+252 −58

Conversation

@cody-eding
Copy link

Closes #5423

📑 Description

This pull request enhances the Okta SSO implementation and documentation to more closely match other OAuth providers such as OneLogin. The okta_authverifier.py file has been improved by taking many pieces of the OneLogin implementation.

Improvements include:

  • Removing invalid role names and class variables
  • Correcting invalid default Okta JWKS URL
  • Support for customized Okta group to Keep role mapping using the groups claim
  • Role mapping and auto-provisioning logic similar to OneLogin
  • Additional logging
  • Updated and fixed missing documentation

✅ Checks

  • My pull request adheres to the code style of this project
  • My code requires changes to the documentation
  • I have updated the documentation as required
  • All the tests have passed

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Oct 29, 2025

Skipped: This PR does not target one of your configured branches: (refactor/2512-nextjs-15)

@vercel
Copy link

vercel bot commented Oct 29, 2025

@cody-eding is attempting to deploy a commit to the KeepHQ Team on Vercel.

A member of the Team first needs to authorize it.

@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. Documentation Improvements or additions to documentation Provider Providers related issues labels Oct 29, 2025
shahargl
shahargl reviewed Nov 2, 2025
View reviewed changes
keep/identitymanager/identity_managers/okta/okta_authverifier.py
Comment on lines -35 to +50
self.jwks_url = f"{self.okta_issuer}/.well-known/jwks.json"
self.jwks_url = f"{self.okta_issuer}/v1/keys"

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how did it work until now?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shahargl shahargl shahargl left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Documentation Improvements or additions to documentation Provider Providers related issues size:L This PR changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[🐛 Bug]: Okta SSO implementation missing features in other OAuth providers, also missing docs

2 participants

@cody-eding @shahargl