IDP Webhook Settings

  • Published on Sep 1, 2024
  • 1 minute(s) read
Prev Next

PlainID IDP Authorizer

Define The Okta Inline Hook Settings

Parameter Value Description
Name PlainID Access Any name
URL https://[plainid-base-url].plainid.io/hook/okta?appPostfix=-V5 e.g.:
https://acme-finance.us1.plainid.io/hook/okta?appPostfix=-V5
Authentication field x-plainid-secret The attribute/header that will contain the value of the corresponding PlainID Scope clientSecret
Authentication secret For PlainID SaaS IDP Webhook:
- Use the PlaindID Scope clientSecret
For PlainID PAA IDP Webhook:
-Use the secret from the IDP Webhook configuration file
Custom header field x-plainid-client Value the PlainID ClientID - obtained from the corresponding PlainID Scope Management

Test the Webhook

To simulate the user login to the web-application, we can use an OIDC tool (e.g. https://oidcdebugger.com/) - this will test the full integration, and will allow you to review the Token Enriched JWT that contains the relevant claims (keys and values) - Sample configuration for https://oidcdebugger.com:

Attribute Value Description
Authorize uri https://dev-344343.okta.com/oauth2/aus7j5bjshdjfhshZNm25d7/v1/authorize The link to the defined Okta Client
Client ID 0oa7ldghfeskfjIoOii5d7 The Okta Application Client ID
Response Types Select all available values
Scope Openid

After the settings are set, click on “Send Request” to test the configuration.

If everything is configured correctly you can expect to receive a JWT/Response with the relevant claims from the PlainID Access Policy, e.g.:

{  
  "sub": "00u7mdjdhdhdhjBky5d7",  
  "ver": 1,  
  "iss": "https://dev-344343.okta.com/oauth2/aus7j5bjshdjfhshZNm25d7",  
  "aud": "0oa7m66nxxZ30CEOg5d7",  
  "iat": 1673259158,  
  "exp": 1673262758,  
  "jti": "ID.fMPCup1auYv4cJWA8h_7rm2RpdWRfQ77uAWQh4OvFyo",  
  "amr": [  
      "pwd"  
  ],  
  "idp": "00o7ifadsdasddXcpgO5d7",  
  "nonce": "s9r39ftqr7dm",  
  "auth_time": 1673250531,  
  "at_hash": "RJasdfadsfSakS7s-YiwQ",  
  "c_hash": "f3tMasdfasdfz4DDKyyk2QKw",  
  "claimPortalRole": [  
      "Administrator"  
  ],  
  "DepartmentManagerLevel": [  
      "Senior"  
  ]  
}