Register Identity Provider in Hopsworks

Before registering your identity provider in Hopsworks you need to create a client application in your identity provider and acquire a client id and a client secret. An example on how to create a client using Okta identity provider can be found here.

After acquiring the client id and client secret create the client in Hopsworks by enabling OAuth2 and clicking on add another identity provider in the Authentication configuration page. Then set base uri of your identity provider in Connection URL give a name to your identity provider (the name will be used in the login page as an alternative login method) and set the client id and client secret in their respective fields, as shown in the figure below.

Application overview

• Connection URL: (provider Uri) is the base uri of the identity provider's API (URI should contain scheme http:// or https://).

Additional configuration can be set here:

• Verify email: if checked only users with verified email address (in the identity provider) can log in to Hopsworks.
• Code challenge: if your identity provider requires code challenge for authorization request check the code challenge check box. This will allow you to choose code challenge method that can be either plain or S256.
• Logo URL: optionally a logo URL to an image can be added. The logo will be shown on the login page with the name as shown in the figure below.

Login with OAuth2

Note

When creating a client make sure you can access the provider metadata by making a GET request on the well known endpoint of the provider. The well-known URL, will typically be the Connection URL plus .well-known/openid-configuration. For the above client it would be https://dev-86723251.okta.com/.well-known/openid-configuration.