Integrate Acumatica with Okta

I want to integrate Okta with Acumatica and I am missing these fields of information. Where can I find these?

  • Issuer identifier
  • Claim type for user identity
  • Authorization endpoint
  • Token endpoint
  • JWK Set Location

Thank you for any insights or feedback!

The endpoint information can be found at the discovery/metadata endpoint for your authorization server.

If you are using your Org Authorization Server (or are testing in an org without API Access Management), this URL will be https://oktaDomain/.well-known/openid-configuration

If you are using the Default Authorization Server (warning, this is separate from the Org AS), this URL will be https://oktaDomain/oauth2/default/.well-known/openid-configuration

If you are using a Custom Authorization Server (which includes the server called “Default”), the URL is https://oktaDomain/oauth2/${authorizationServerId}/.well-known/openid-configuration. Just make sure you replace ${authorizationServerId} with the actual ID for the server you want to use (it should start with the characters aus).

I’m going to guess that Issuer identifier is the issuer returned at that endpoint (which is the same as the discovery URL, with the /.well-known/openid-configuration part removed).

Based on Acumatica’s docs here, it looks like “Claim type for user identity” can be set to whichever claim you want to use as the user identifier.

Without knowing much of the specifics of this integration, you should be fine setting this to sub, but ymmv depending on how this value is used on the Acumatica side: for example, is it used to link a user that existed in Acumatica already with a user logging in through Okta? Does it read this claim from the ID Token or the Access Token (the sub claim exists in both tokens, but they will have different values by default)?
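
The mapping described in the answer above, as an added example that is not part of the original thread and is not Okta's or Acumatica's own code: it builds the discovery URL for each kind of authorization server, checks that the returned issuer equals that URL with the well-known suffix removed, and fills in the five fields from the question. The domain example.okta.com, the sample metadata, the function names and the same-host HTTPS check are assumptions made for illustration; the network fetch is left out so the block runs offline.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample of a discovery document (example.okta.com is a placeholder).
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://example.okta.com/oauth2/default",
  "authorization_endpoint": "https://example.okta.com/oauth2/default/v1/authorize",
  "token_endpoint": "https://example.okta.com/oauth2/default/v1/token",
  "jwks_uri": "https://example.okta.com/oauth2/default/v1/keys",
  "claims_supported": ["iss", "sub", "aud", "email"]
}""")

def discovery_url(okta_domain, auth_server_id=None):
    """None selects the Org AS; otherwise 'default' or a custom 'aus...' ID."""
    base = f"https://{okta_domain}"
    if auth_server_id is not None:
        base += f"/oauth2/{auth_server_id}"
    return base + WELL_KNOWN

def acumatica_fields(disc_url, metadata, identity_claim="sub"):
    """Map discovery metadata to the five fields; ValueError on a failed check."""
    if not disc_url.endswith(WELL_KNOWN):
        raise ValueError("not a discovery URL")
    # The issuer must equal the discovery URL with the well-known suffix removed.
    expected_issuer = disc_url[: -len(WELL_KNOWN)]
    if metadata.get("issuer") != expected_issuer:
        raise ValueError(f"issuer {metadata.get('issuer')!r} != {expected_issuer!r}")
    fields = {
        "Issuer identifier": metadata["issuer"],
        "Claim type for user identity": identity_claim,
        "Authorization endpoint": metadata["authorization_endpoint"],
        "Token endpoint": metadata["token_endpoint"],
        "JWK Set Location": metadata["jwks_uri"],
    }
    # Assumption: every endpoint is HTTPS on the issuer's host; reject anything else.
    host = urlsplit(expected_issuer).netloc
    for name in ("Authorization endpoint", "Token endpoint", "JWK Set Location"):
        parts = urlsplit(fields[name])
        if parts.scheme != "https" or parts.netloc != host:
            raise ValueError(f"{name} is not an HTTPS URL on {host}")
    if identity_claim not in metadata.get("claims_supported", [identity_claim]):
        raise ValueError(f"claim {identity_claim!r} is not advertised by the server")
    return fields

if __name__ == "__main__":
    url = discovery_url("example.okta.com", "default")
    for field, value in acumatica_fields(url, SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

In a real setup, `metadata` would be the JSON document retrieved from the discovery URL over HTTPS rather than the constructed sample.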
