Docs Home → Atlas App Services
Okta JWT Authentication (Custom JWT)
On this page
You can configure the Custom JWT authentication provider to authenticate users that you manage with Okta.
Before You Begin
You will need the following to use Okta:
An Okta project. To learn more, refer to the Okta documentation.
An App Services App that does not already use Custom JWT authentication. To learn how to create a new App Services App, see Create an App.
If you're using the command line interface, you need App Services CLI to be installed and authenticated on your local system.
If you're using the Admin API, you need a MongoDB Atlas Admin API public/private key pair. The API key must have Project Owner permissions.
Create an Okta App & Authorization Server
Create an application in Okta that represents your client application. The type of application you create depends on your use case. For example, if you're building a web browser app, you might create a Single-Page Application (SPA) or Web application in Okta.
Once you've configured the application, create an authorization server
in Okta that represents your App Services App. You can use any name and
description. Set the server Audience to your App Services
App's Client App ID. For example, myapp-abcde
.
To learn more about how to set up an Okta application and authorization server, refer to Create an authorization server in the Okta documentation.
Configure the Custom JWT authentication provider
You can configure Custom JWT authentication from the UI or by modifying the underlying configuration files directly with the CLI or Admin API. Choose your preferred method below.
Log in with an Okta JWT
Once you've configured the Custom JWT authentication provider to use Okta, you can log in to your App Services App with an Okta JWT access token.
Log the user into Okta. To learn how, see the relevant Okta SDK documentation for your platform and programming language.
Get the user's Okta access token from the login response.
Use the Okta access token to authenticate with Atlas App Services. You can start a session over HTTP or log in with an SDK. To learn how, see the docs for your SDK: