Help with Okta setup

Product: PowerShell Universal
Version: 2.9.2

Hey PSU folks,

I have forms authentication setup and working fine, but my Security team wants me to upgrade to using Okta. Unfortunately I don’t have any expertise in things like Okta, ODIC, SAML, etc., but we do have an Okta expert on staff that I’m working with. Looking at OpenID Connect - PowerShell Universal it seems pretty simple. Our Okta admin creates the app, we add stuff to our appsettings.json, and restart PowerShell Universal service. But we can’t seem to get it working :frowning:

Is there more to it? Do I also have to setup OpenID as an authentication method and disable forms authentication?

In the Okta config:

  • If the PSU Url is*, then what should we enter for the Sign-in redirect URI?
  • The documentation does not state this, but our Okta admin is asking do we need to configure anything for the Initiate login URI?

Is the CallbackPath correct in my appsettings.json file? Anything off here?

  "Kestrel": {
    "Endpoints": {
      "HTTP": {
        "Url": "http://*:80"
      "HTTPS": {
        "Url": "https://*:443",
        "Certificate": {
          "Subject": "*.<domain>.com",
          "Store": "My",
          "Location": "LocalMachine"
	"RedirectToHttps": "true"
	"ApplicationInsights": {
		"InstrumentationKey": "<key>"

  "OIDC": {
    "Enabled": "true",
    "CallbackPath": "/authorization-code/callback",
    "ClientID": "<ID>",
    "ClientSecret": "<Secret>",
    "Resource": "",
    "Authority": "https://<domain>",
    "ResponseType": "code",
    "SaveTokens": "true",
    "CorrelationCookieSameSite": "",
    "UseTokenLifetime": true,
    "Scope": "openid profile groups",
    "GetUserInfo": true

Thanks in advance, as I’m not really sure where to go with it from here.

Your appsettings.json looks good.

The sign-in redirect URI should be this:

That’s formulated by concating the PSU URL with the CallbackPath:

"CallbackPath": "/authorization-code/callback",

I’m not aware of any configuration for the initiate login URI. The steps in the document were exactly what I took to get Okta working for me.

Thanks Adam! Confirmed the appsettings.json is not the issue.

What about the Sign-in redirect URI entered into Okta. The example shows http://localhost:8080/authorization-code/callback. I’m redirecting connections from http to https in appsettings.json, and netstat does not show the system listening on port 8080. What should my Sign-in redirect URI be in Okta? Should it use https, should there be a port listed? Perhaps ?

Ignore that last response…I’m a goofy goof. You gave me the answer, and I just didn’t read it correctly … LOL. I’m going to have my Okta guy update the Sign-in Redirect Uri in Okta and try again.


Our Okta admin made the change of the Sign-in Redirect URI as you stated, to and now it’s working :slight_smile:

Thanks again Adam!

1 Like