
Configuring OpenID Connect Integration

Configuring an OpenID Provider via OKTA

Create an Application via OKTA

  1. Log in to the OKTA console using an admin account.

  2. In the OKTA home page, click Applications → Add Application

  3. In the Add Application screen, click Create New App

  4. In the Create a New Application Integration screen, perform the following:

    1. In the Platform field, verify that Web is selected (default).

    2. In the Sign on method section, select OpenID Connect

    3. Click Create

  5. In the General Settings section, fill in the Application name field with a name for the SSO application.


    Other fields are optional

  6. In the Configure OpenID Connect section, click Add URI


    The Login Redirect URI should be taken from the Checkmarx Identity and Access Management console.


Create an OpenID Connect Identity Provider via Checkmarx

  1. Go to Checkmarx Identity and Access Management console → Identity Providers and click OpenID Connect v1.0

  2. In the Add Identity Provider screen → App Settings section, configure the Provider’s Alias.


    The Alias will be a part of the Redirect URI

  3. Copy the Redirect URI from the App Settings section.

Configure Checkmarx Identity Provider Details via OKTA

  1. Go back to OKTA and perform the following:

    1. In the Configure OpenID Connect section → Login redirect URIs, paste the copied Redirect URI from the previous step.

    2. Click Save


      The page with the Application details opens automatically.

  2. When the Application is saved, OKTA generates Client Credentials.

    1. Click on the General tab.

    2. Copy the Client ID & Client secret


Configure OpenID Connect Settings via Checkmarx

  1. Go back to Checkmarx Identity and Access Management console.

  2. In the OpenID Connect Settings section fill in the following fields:

    1. Authorization URL and Token URL - Should be taken from the following page:

      https://<OKTA account URL>/oauth2/default/.well-known/openid-configuration?client_id=<Application Client ID>

      Replace <OKTA account URL> with your actual account URL and the <Application Client ID> with the Application Client ID.


    2. Client Authentication - Should be Client secret sent as basic auth

    3. Client ID and Client Secret - OKTA Client ID and Client Secret.

    4. Default Scopes - Should be openid profile email
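
An added example (not part of the Checkmarx or OKTA documentation): a Python check that reads the discovery document from step 1 and returns the Authorization URL and Token URL only after confirming the issuer, HTTPS endpoints, support for client secret sent as basic auth, and the openid profile email scopes. The function name, the placeholder host and the sample JSON are constructed for illustration, and the same-host check is an assumption of this example.

```python
import json
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "profile", "email"}  # Default Scopes from the steps above

def extract_oidc_settings(raw_json, expected_issuer):
    """Return the Authorization URL and Token URL from a discovery document."""
    doc = json.loads(raw_json)
    # An error object is returned instead of metadata, e.g. for a wrong client_id.
    if "errorCode" in doc:
        raise ValueError(f"discovery failed: {doc['errorCode']}: {doc.get('errorSummary', '')}")
    # The issuer must equal the URL prefix the document was requested from.
    if doc.get("issuer") != expected_issuer:
        raise ValueError(f"issuer mismatch: {doc.get('issuer')!r}")
    host = urlsplit(expected_issuer).hostname
    settings = {}
    for name, key in (("authorization_url", "authorization_endpoint"),
                      ("token_url", "token_endpoint")):
        url = urlsplit(str(doc.get(key, "")))
        # Assumption of this example: both endpoints are https on the issuer's host.
        if url.scheme != "https" or url.hostname != host:
            raise ValueError(f"{key} is not an https URL on {host}")
        settings[name] = doc[key]
    # "Client secret sent as basic auth" is client_secret_basic, the default when omitted.
    methods = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_basic" not in methods:
        raise ValueError("client_secret_basic is not supported by the token endpoint")
    # scopes_supported is optional metadata; check it only when present.
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", REQUIRED_SCOPES))
    if missing:
        raise ValueError(f"scopes not supported: {sorted(missing)}")
    return settings

# Constructed sample data (placeholder host, not a real tenant).
SAMPLE_ISSUER = "https://idp.example.com/oauth2/default"
SAMPLE_DISCOVERY = json.dumps({
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/v1/authorize",
    "token_endpoint": SAMPLE_ISSUER + "/v1/token",
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
})
SAMPLE_ERROR = json.dumps({"errorCode": "invalid_client",
                           "errorSummary": "Invalid value for 'client_id' parameter."})

if __name__ == "__main__":
    print(extract_oidc_settings(SAMPLE_DISCOVERY, SAMPLE_ISSUER))
```
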


Assign People via OKTA

  1. Go back to OKTA and perform the following:

    1. Click the Assignments tab.

    2. Click Assign → Assign to People


      The Assign Checkmarx to People popup will be presented.

  2. Select the people who will be able to use the SSO.

  3. Log in to Checkmarx One using the created OKTA OpenID Connect account.