docs: add Okta setup guide#986
Open
wdawson wants to merge 5 commits into
Open
Conversation
Second per-provider page under /guides/user-sources/, modeled on the Microsoft Entra ID page. Walks an admin through creating an OIDC Web Application integration in Okta, requiring PKCE, and pasting the resulting values into Arcade's User Source form. Includes three light-mode screenshots: - Create a new app integration dialog (OIDC + Web Application) - New Web App Integration form with the Arcade redirect URI - Client Credentials panel with Require PKCE checked Notes cover: - Okta-hosted custom domains - Custom Authorization Servers (the page uses the Org Authorization Server by default since it ships with every Okta org; custom servers are positioned as an advanced opt-in for teams that need custom scopes, claims, or policies) - Client secret rotation - Custom subject claims via a Custom Authorization Server Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
The radio label in the Okta admin console screenshot reads 'OIDC - OpenID Connect' with a regular hyphen, not an em-dash. Match the literal UI character (which also satisfies the Google.EmDash style rule). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Per Wils — newer Okta admins won't always know that the assignment model is how they govern which end users can sign in to a Gateway backed by this User Source. Be explicit: anyone Okta won't let through the assignment is blocked at sign-in. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds a new "Pick a subject claim" section to the User Sources overview explaining the two properties a subject claim value must satisfy: - Stable per user (a changing value mints a new identity in Arcade) - Unique forever (email/username reuse can hand the new owner the previous person's access) Both per-provider Custom subject claims notes (Okta and Microsoft Entra ID) get a brief pointer to the new overview section so the per-provider guidance stays focused on provider-specific config while the general principles live in one place. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 3965166. Configure here.
| --- | ||
|
|
||
| import Image from "next/image"; | ||
| import { Callout, Steps } from "nextra/components"; |
There was a problem hiding this comment.
Unused Callout import in Okta page
Low Severity
Callout is imported from nextra/components but never used anywhere in this file. Only Steps is actually referenced. The Entra page imports and uses both, so this looks like it was copied from the Entra template without removing the unused component.
Reviewed by Cursor Bugbot for commit 3965166. Configure here.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds the Okta per-provider setup guide as the second concrete provider page under
/guides/user-sources/, modeled on the Microsoft Entra ID page that landed in #983. Walks an admin through creating an OIDC Web Application integration in Okta, requiring PKCE, and pasting the resulting values into Arcade's User Source form.Closes GRO-95. Part of the GRO-75 umbrella.
What's in this PR
app/en/guides/user-sources/okta/page.mdx.public/images/user-sources/okta/: the Create a new app integration dialog, the New Web App Integration form with the Arcade redirect URI in place, and the Client Credentials panel with the Require PKCE checkbox ticked.oktaentry added toapp/en/guides/user-sources/_meta.tsx.Decisions worth flagging
https://<your-okta-org>.okta.com) as the canonical Issuer URL. Empirically both<org>.okta.com/.well-known/openid-configurationand<org>.okta.com/oauth2/default/.well-known/openid-configurationare valid endpoints, but the Org server ships with every Okta org and matches the issuer admins can read straight off the Okta home screen. Custom Authorization Servers are positioned in Notes as an advanced opt-in for teams that need custom scopes, claims, or policies.sub: Okta'ssubis the user's stable Okta UID and doesn't have the per-app-registration issue Entra'ssubdoes, so no special recommendation needed./guides/user-sources/*/page.mdxexemption added in docs: add Microsoft Entra ID setup guide #983, so Okta terms like "tenant" don't trigger Arcade glossary tooltips.Test plan
check-meta-keys— all_meta.tsxkeys validpnpm build—/en/guides/user-sources/oktarenders in the route table🤖 Generated with Claude Code
Note
Low Risk
Documentation-only changes with no application, auth, or API behavior modifications.
Overview
Adds an Okta provider setup guide under User Sources (OIDC web app, PKCE, Arcade redirect URI, field mapping, and notes on org vs custom authorization servers and subject claims), registers it in the section nav, and refreshes
public/llms.txtso the new page is discoverable.The User Sources overview gains a Pick a subject claim section explaining stable, never-reused identifiers; the Microsoft Entra ID guide’s custom-claim note now links there.
Reviewed by Cursor Bugbot for commit 3965166. Bugbot is set up for automated code reviews on this repo. Configure here.