Jenkins OKTA OIDC integration issue

Hello All

I am trying to integrate Jenkins (v2.438) with OKTA. I created an OKTA group and a Jenkins role with the same name and am still having issues while trying to log in. Below is the config I am using.

  okta: |
    jenkins: 
      securityRealm:
        oic:
          clientId: "${okta-clientid}"
          clientSecret: "${okta-clientsecret}"
          wellKnownOpenIDConfigurationUrl: "${okta-issuerurl}/.well-known/openid-configuration"
          fullNameFieldName: "name"
          emailFieldName: "email"
          disableSslVerification: false
          logoutFromOpenidProvider: true
          escapeHatchEnabled: false
          endSessionEndpoint: "${okta-issuerurl}/v1/logout"
          postLogoutRedirectUrl: "https://test.com/OicLogout"
          userInfoServerUrl: "${okta-issuerurl}/v1/userinfo"
          automanualconfigure: "auto"
          tokenServerUrl: "${okta-issuerurl}/v1/token"
          authorizationServerUrl: "${okta-issuerurl}/v1/authorize"
          overrideScopes: "customgroups openid email"
      authorizationStrategy:
        roleBased:
          roles:
            global:
              - name: "admin"
                permissions:
                  - "Overall/Administer"
                entries:
                  - user: "admin"
              - name: "devops"
                permissions:
                  - "Overall/Administer"
                entries:
                  - user: "devops"
              - name: "readonly"
                permissions:
                  - "Overall/Read"
              - name: "authenticated"
                permissions:
                  - "Overall/Read"
                entries:
                  - group: "authenticated"
              - name: "JEKINS_ROLE_A"
                permissions:
                  - "Overall/Administer"
                entries:
                  - group: "OKTA_ROLE_A"
            items:
              - name: "JEKINS_ROLE_A"
                pattern: ".*"
                permissions:
                  - "Overall/Administer"
                entries:
                  - group: "OKTA_ROLE_A"

Can anyone please guide me here?

Hello and welcome to this community, @ananth-sabhapathi. :wave:

The configuration you provided seems correct. :thinking:

However, there might be a few things you want to check:

  • Make sure the Okta group and Jenkins role names are the same. They are case-sensitive as far as I know.
  • Make sure that the users are assigned to the correct Okta group.
  • Verify that the Okta application is assigned to the group.
  • Check if the users have the correct permissions in Jenkins.
  • Make sure the clientId, clientSecret, and issuerurl are correct.
  • Ensure that the overrideScopes field includes the scope that allows access to the group information. Usually, it’s the groups scope.

If you’ve checked all of these and are still having issues, you might want to look at the Jenkins logs for more detailed error messages. :person_shrugging:
This could give you more insight into what’s going wrong. :crossed_fingers:
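As an added check, not code from this thread: the reply's advice to confirm that the groups scope actually delivers group information can be done locally by decoding the ID token claims (or the userinfo response) and comparing them, case-sensitively, against the group entries in the question's roleBased config. The claim name `groups`, the sample group values and the unsigned token are assumptions constructed for illustration.

```python
import base64
import json

# Constructed sample claims, shaped like an Okta ID token / userinfo payload
# when a custom scope (here "customgroups", as in the question) adds a groups
# claim. The claim name "groups" and the group values are assumptions.
SAMPLE_CLAIMS = {
    "sub": "00uexample",
    "name": "Jane Doe",
    "email": "jane@example.com",
    "groups": ["Okta_Role_A", "Everyone"],
}

# Group entries taken from the roleBased strategy in the question's config.
JENKINS_GROUP_ENTRIES = ["OKTA_ROLE_A", "authenticated"]


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment without padding, as used in JWTs."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_sample_jwt(claims: dict) -> str:
    """Build a constructed, unsigned JWT so the decoder below has input."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


def decode_jwt_payload(token: str) -> dict:
    """Return a JWT's claims for inspection only. This does NOT verify the
    signature, so never use it to decide whether a token is trusted."""
    _header, payload, _signature = token.split(".")
    return json.loads(b64url_decode(payload))


def check_group_mapping(claims, jenkins_groups, groups_field="groups"):
    """Compare the groups claim with the Jenkins role entries. Matching is
    exact (case-sensitive); entries that differ only by case are reported
    separately because that misconfiguration is easy to miss."""
    token_groups = claims.get(groups_field)
    if not isinstance(token_groups, list):
        return {"claim_present": False, "matched": [], "case_only": []}
    matched = [g for g in jenkins_groups if g in token_groups]
    by_lower = {g.lower(): g for g in token_groups}
    case_only = [(g, by_lower[g.lower()]) for g in jenkins_groups
                 if g not in token_groups and g.lower() in by_lower]
    return {"claim_present": True, "matched": matched, "case_only": case_only}


if __name__ == "__main__":
    claims = decode_jwt_payload(make_unsigned_sample_jwt(SAMPLE_CLAIMS))
    print(json.dumps(check_group_mapping(claims, JENKINS_GROUP_ENTRIES), indent=2))
```

If `claim_present` is false, the scope is not adding the claim (or the plugin is reading a different field); if `case_only` is non-empty, the names differ only by case and will not match.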