
8ki0y (8ki0y) asked a question.
Hello,
We don't want to use the self-signed certificate that Okta generates as the SAML signing certificate but a CA-signed certificate by our authority. As we understand, the only way to do this is to use the Okta API. The problem with using the API is that we have to fire out the API to have the cert linked to the policy every time we onboard a new application. Is there a way to one-time import the CA-signed certificate onto Okta and use it through the UI instead of the API?
Thank You,
Gordon

I do not believe there is a way to do this one time, so I've had to add them to each app one by one. You could use an Event Hook (application.lifecycle.create) with a Workflow to automate. When a new app gets created it would trigger the hook that would call an API Workflow that would set the cert.
Thanks Matthew. This helps. Do you know if through Workflows we still need the API key from Okta? A concern that my team had was the security of the API key that we would have to use.
For Workflows you will use the client id and secret from the "Okta Workflows OAuth (OpenID)" app when you create your Okta connector that is then used in the Workflows.
https://www.youtube.com/watch?v=zcffFZmzwAA (see 1:40 for connectors and then keep watching how to use the Okta connector)
Here are the functions/features of the Okta connector.
https://help.okta.com/wf/en-us/Content/Topics/Workflows/connector-reference/okta/okta.htm
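
The event-hook flow suggested earlier in the thread, sketched as an added example (not part of any poster's reply and not Okta's or the Workflows product's own code): it authenticates a hook delivery, picks out the newly created apps, and plans the API calls that share the CA-signed key with each SAML app and set it as the signing key. Assumptions: a self-hosted receiver stands in for the Workflow, the hook is configured to send a shared secret in the `Authorization` header, the key is shared by cloning it from an app that already holds it, and `HOOK_SECRET`, `SOURCE_APP_ID`, `CA_KID` and the sample data are constructed placeholders.

```python
import hmac

# Assumptions (constructed placeholders, not values from the thread):
HOOK_SECRET = "constructed-shared-secret"    # Authorization header value set on the hook
SOURCE_APP_ID = "SOURCE_APP_ID_PLACEHOLDER"  # app that already holds the CA-signed key
CA_KID = "CA_SIGNED_KID_PLACEHOLDER"         # kid of that key credential

def authorized(headers):
    """Constant-time comparison of the delivery's Authorization header."""
    sent = headers.get("Authorization", "").encode()
    return hmac.compare_digest(sent, HOOK_SECRET.encode())

def new_app_ids(payload):
    """AppInstance ids from application.lifecycle.create events in one delivery."""
    ids = []
    for event in payload.get("data", {}).get("events", []):
        if event.get("eventType") != "application.lifecycle.create":
            continue
        for target in event.get("target") or []:
            if target.get("type") == "AppInstance" and target.get("id"):
                ids.append(target["id"])
    return ids

def plan_requests(headers, payload, apps):
    """API calls to make; `apps` maps id -> app object as read from GET /api/v1/apps/{id}."""
    if not authorized(headers):
        return []  # ignore deliveries that do not carry the shared secret
    calls = []
    for app_id in new_app_ids(payload):
        app = apps.get(app_id, {})
        if app.get("signOnMode") != "SAML_2_0":
            continue  # only SAML apps have a SAML signing certificate
        if app.get("credentials", {}).get("signing", {}).get("kid") == CA_KID:
            continue  # already set, so a redelivered hook changes nothing
        clone = f"/api/v1/apps/{SOURCE_APP_ID}/credentials/keys/{CA_KID}/clone?targetAid={app_id}"
        calls.append(("POST", clone, None))
        body = {"name": app["name"], "label": app["label"], "signOnMode": "SAML_2_0",
                "credentials": {"signing": {"kid": CA_KID}}}
        calls.append(("PUT", f"/api/v1/apps/{app_id}", body))
    return calls

# Constructed sample delivery and app objects (not real tenant data).
SAMPLE = {"data": {"events": [
    {"eventType": "application.lifecycle.create", "target": [{"type": "AppInstance", "id": "0oaEXAMPLE1"}]},
    {"eventType": "application.lifecycle.create", "target": [{"type": "AppInstance", "id": "0oaEXAMPLE2"}]},
    {"eventType": "user.session.start", "target": [{"type": "AppInstance", "id": "0oaEXAMPLE3"}]}]}}
APPS = {"0oaEXAMPLE1": {"name": "constructed_saml", "label": "Constructed SAML app",
                        "signOnMode": "SAML_2_0", "credentials": {"signing": {"kid": "okta-generated"}}},
        "0oaEXAMPLE2": {"name": "bookmark", "label": "Constructed bookmark", "signOnMode": "BOOKMARK"}}
```

The credential that sends these calls only needs permission to manage apps, which is the part of the design that decides how much a leaked secret can do.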