Skip to content
Due to upgrade issues with the Envoy gateway and the offline installation environments, upgrading to MKE 4k 4.1.3 is not recommended. These issues are fixed in the 4.1.4 release. For version 4.1.3, Mirantis only supports fresh installations.

Setting up Okta as an OIDC provider#

To configure an Okta application to serve as your OIDC authentication provider for MKE 4k:

  1. Navigate to Okta and sign in to your account dashboard.
  2. Navigate to Applications > Applications and click Create App Integration.
  3. Select OIDC - OpenID Connect for Sign-in method.
  4. Select Web Application for Application Type.

  5. For App integration name, choose a suitable name.

  6. Configure the host for your redirect URLs:

    • Sign-in redirect URIs: http://<MKE 4k hostname>/dex/callback
    • Sign-out redirect URIs: http://<MKE 4k hostname>

  7. Click Save to generate the clientSecret and clientID in the General table of the application.

  8. Set .spec.authentication.oidc.issuer to your Okta domain, https://example.okta.com for example, in your mke4.yaml configuration file.
  9. Add the generated clientSecret and clientID values to your mke4.yaml configuration file.
  10. Run the mkectl apply command with your mke4.yaml configuration file.

Test authentication flow#

  1. Navigate to the MKE 4k Dashboard: https://<MKE 4k hostname>
  2. Select Log in with oidc. This will redirect you to the Okta login page for your application.
  3. Enter your credentials and click Sign In. If authentication is successful, you will be redirected to the MKE 4k Dashboard.