Integrating Nextcloud with Okta SSO via OIDC for API-based Access

Hi Nextcloud community!

I’m working on an interesting project and could use some guidance. Here’s what I’m trying to accomplish:

  1. Integrate Nextcloud with Okta for Single Sign-On (SSO) using OpenID Connect (OIDC), not SAML.

  2. Use Nextcloud as a backend service in my web application, without involving the Nextcloud UI.

  3. When a user logs into my web application, they should only see the folders assigned to them, nothing more. This needs to be dynamic.

  4. My web app is already integrated with Okta, so users receive a valid JWT token from Okta upon login.

  5. I want to use this Okta-issued JWT token in the header of Nextcloud API calls.

  6. Nextcloud should then respond based on the user information in the token, providing access only to the appropriate resources.

Has anyone implemented a similar setup or can point me in the right direction? I’m particularly interested in:

  • Configuring Nextcloud to accept and validate Okta OIDC tokens
  • Using these tokens for API authentication
  • Dynamically managing user permissions based on the token information

Any tips, documentation links, or examples would be greatly appreciated!

Thanks in advance for your help!

Hi @SitaRamSai, welcome to the forum 🤝

I’m not aware of such a solution, but maybe this is because of the scope of the forum - mostly it is frequented by SOHO users.

But I would recommend that you split the goal into 2 different parts:

  • SSO login using your existing Okta IdP (which is easy): you don’t need to mangle with HTTP headers etc., use native capabilities: install and configure the user_oidc app (GitHub - nextcloud/user_oidc: OIDC connect user backend for Nextcloud) - the user will log in to NC automatically once it provides a valid access token
  • If required, strip the interface to show only the required parts (maybe the Files app would be good already?) - custom CSS may help
