Applies to BloodHound Enterprise and CE
See OIDC in BloodHound for order of operations, general OIDC setup, and user configuration in BloodHound.

Create an Okta application

To create an Okta application for BloodHound, complete the following steps:
1. Create a new Okta application

Follow the Okta documentation to create a new application.
Set your application type to Native.
2. Configure the Okta application

When configuring the Okta application, use the following settings:
Field | Value
Login redirect | https://{domainname}/api/v2/sso/{chosenProviderName}/callback (Example: https://test.bloodhoundenterprise.io/api/v2/sso/bhestandard/callback)
Logout redirect | https://{domainname}/ (Example: https://test.bloodhoundenterprise.io/)

Note the following values:
  • Client ID
  • Issuer URL
You’ll use the Client ID from the Okta Client Credentials and the Issuer URL from the Okta Authorization Server when you configure BloodHound.
3. Create custom claims

If you want to map additional user attributes (first name, last name, role) from Okta to BloodHound, you must create custom claims in Okta.

Go to Security > API > Authorization Servers > Claims and create the following claims:

Field | Setting
Name | first_name
Include in token type | ID Token → Always
Value type | Expression
Value | user.firstName
Include in | Any scope (or Profile)
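
After creating the claim, one way to confirm that Okta emits it is to inspect the payload of an ID token from a test login. The Python below is an added example, not part of the BloodHound or Okta documentation; the function names, the sample token, and the issuer and client ID values are constructed placeholders, and the signature is deliberately not verified.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_id_token(token, issuer, client_id, required_claims=("first_name",)):
    """Return a list of problems found in the ID token payload.
    Inspection only: the signature is NOT verified, so use this to debug
    the Okta configuration, never to authenticate a user.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWT (expected 3 dot-separated segments)"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["payload is not valid base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} does not match the Issuer URL")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the Client ID")
    for name in required_claims:
        value = claims.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"custom claim {name!r} missing or empty")
    return problems

def make_sample_token(payload):
    # Builds a constructed, unsigned sample token for the demonstration.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(payload)}.c2lnbmF0dXJl"

ISSUER = "https://example.okta.com/oauth2/default"  # placeholder Issuer URL
CLIENT_ID = "0oaEXAMPLECLIENTID"                    # placeholder Client ID

if __name__ == "__main__":
    with_claim = make_sample_token({"iss": ISSUER, "aud": CLIENT_ID, "first_name": "Ada"})
    without_claim = make_sample_token({"iss": ISSUER, "aud": CLIENT_ID})
    print(check_id_token(with_claim, ISSUER, CLIENT_ID))
    print(check_id_token(without_claim, ISSUER, CLIENT_ID))
```

Pass the Issuer URL and Client ID noted in step 2, and extend `required_claims` with the names of any further claims you create.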