RyanN.05618 (Customer) asked a question.
Forgive me if this has been asked already but i cannot seem to find what im looking for.
I have created a React SPA that contains different pages; Home, Profile and Admin.
I've implemented a secure route to Profile and Admin, where everyone is able to access the profile page where it pulls the current user Info and displays it.
What i'm trying to do is block access to the admin page unless they're assigned as admins in the directory. So once authenticated, if they click on the Admin page they'll see some sort of access denied message if they're not admins, and if they are then they'll see a welcome admin message.
What do i need to do on OKTAS side to achieve this ? any documentation or help is greatly appreciated.
Thank you
Hi Ryan,
My name is Casiana and I am representing Okta Support.
As far as I could research, the SPA applications being out of the scope for support, more to the developer support, I have found out these articles from our developer articles:
Enable the trust origins: https://developer.okta.com/docs/guides/sign-into-spa/angular/create-okta-application/
Require authentication for a specific route: https://developer.okta.com/docs/guides/sign-into-spa/angular/require-authentication/#require-authentication-for-a-specific-route
Limit the access: https://developer.okta.com/docs/guides/configure-access-policy/limit-scopes-clients-can-access/#test-the-setup
Secure the login: https://developer.okta.com/blog/2019/02/12/secure-angular-login
Restrict the login: https://devforum.okta.com/t/restrict-a-spa-application/11742
For further more information, I recommend opening a ticket in which you will select as Product "SDKs and Libraries" to go directly to the developer support. I am sure that they have more knowledge about how to implement this configuration.
Regards,
Casiana Ababei
Technical Support Engineer
Okta Global Customer Care