magedevgroup/module-admin-sso-okta
Composer 安装命令:
composer require magedevgroup/module-admin-sso-okta
包简介
Okta provider plugin for Magento 2 admin SSO — supplies the Okta OIDC preset (discovery, groups claim, branding) for the provider-agnostic admin-sso capability. Installs admin-sso (and sso-core) automatically.
README 文档
README
Okta login for the Magento 2 admin panel.
A thin Okta provider plugin for the provider-agnostic admin-sso capability. It supplies the Okta OIDC preset — discovery from your org domain, scopes, groups claim, login-button branding — while all OIDC protocol lives in sso-core and all admin logic in admin-sso. Installing it pulls admin-sso and sso-core automatically.
Installation
composer require magedevgroup/module-admin-sso-okta bin/magento module:enable MageDevGroup_SsoCore MageDevGroup_AdminSso MageDevGroup_AdminSsoOkta bin/magento setup:upgrade
Create the Okta OIDC app
In the Okta Admin Console → Applications → Create App Integration:
- Sign-in method OIDC - OpenID Connect, application type Web Application.
- Sign-in redirect URI — the
admin-ssocallback:https://<admin-host>/<admin-path>/adminsso/sso/callback(<admin-path>is the backend frontName, defaultadmin). It must match the admin URL used at runtime exactly. - Save, then copy the Client ID and Client secret.
- Groups claim — for IdP-group → ACL-role mapping, add a
groupsclaim to the ID token: Sign On → OpenID Connect ID Token → Groups claim, filter e.g.Matches regex .*. Without this Okta emits no groups and role mapping falls back to the default role.
Configuration
Admin → Stores → Configuration → MageDevGroup → Admin SSO.
General (magedevgroup_admin_sso/general/*):
| Field | Value |
|---|---|
| Enable Admin SSO | Yes |
| Identity Provider | Okta |
| Client ID | from the Okta app |
| Client Secret | from the Okta app |
Okta (magedevgroup_admin_sso/okta/*, shown when Okta is selected):
| Field | Value |
|---|---|
| Org Domain | your org domain, e.g. dev-123.okta.com (scheme optional, https assumed) |
| Custom Authorization Server | optional server id (e.g. default); empty = org server |
The discovery URL is derived from these:
https://<domain>/.well-known/openid-configuration, or
https://<domain>/oauth2/<auth-server>/.well-known/openid-configuration with a
custom authorization server.
Group → role mapping and enforce-SSO/break-glass are configured in admin-sso; see
that module's README.
Requirements
- Magento 2.4.x
- PHP 8.3 – 8.5
Part of the MageDevGroup identity suite
| Repo | Role |
|---|---|
sso-core |
Shared OIDC engine (installed automatically) |
admin-sso · admin-sso-<idp> |
Admin-panel SSO login |
customer-sso · customer-sso-<idp> |
Storefront SSO login |
admin-scim · admin-scim-<idp> |
Admin-user provisioning (SCIM 2.0) |
License
OSL-3.0 © MageDevGroup. Commercial licensing and support: https://magedevgroup.com.
统计信息
- 总下载量: 0
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 2
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: OSL-3.0
- 更新时间: 2026-07-08