 Hello and welcome, my name is Micah Silverman and I am one of Okta's senior security hacksawers. Today I'm gonna be talking to you about the Okta Heroku add-on. Now you can come over to developer.okta.com and go and sign up for an account and this creates an Okta org for you, which you can then use. And part of this process is getting an email and setting an admin password. That's all great, you can do that anytime. I wanna show you a different, perhaps easier way that works really well if you're already using Heroku's application platform or if you might be using Heroku's application platform in the future. So you will need a Heroku account here. And if you're not familiar with Heroku, Heroku is an application hosting platform that supports a variety of languages and has add-ons for common services that your application will need. Probably the most common one is a database. So you can add a MySQL or Postgres or Redis database to your application running on Heroku. And those Heroku add-ons take care of all of the provisioning tasks so that you don't have to worry about all of that infrastructure and architecture. We've created an Okta Heroku add-on so we can do the same thing provisioning an Okta org. Where I'm gonna start is on my Heroku dashboard I've already logged in and I'm going to create a new application. And I'm gonna call that application SlardibartFast. I'm kind of surprised that that's even available. Now, all by itself, this application isn't terribly impressive because there's no code and there are no additional add-ons running on it yet. So the first thing I'm gonna do is come over to Configure Add-ons and it's here that I could add in, say, Redis if I wanted to. I just do a quick search and there's a bunch of different Redis offerings. Today what we're gonna do is choose Okta. So I'm gonna click on Provision and now in about 30 seconds an Okta org with all kinds of feature-packed configurations will be allocated for you. Okay, once that's done let's talk about the benefits of having an Okta org allocated this way. If I go back to Overview I can see the list of installed add-ons. I could also install other add-ons like databases. But from here I can single sign-on over to this newly created Okta org. So I don't have to go through the registration process. I don't have to go through changing or setting an admin password. I click on this link and in just a moment I will be over at my Okta admin console. So that is benefit number one. Benefit number two is if I jump over to Settings and I reveal configuration variables, a selection of environment variables has been set automatically and this helps you get started with Okta for the most common use cases and we're gonna talk about a few of them. The first is that an API token is created and set here that you can start using right away. So I'm gonna copy that API token. I'm gonna copy my Okta org URL. This is my unique Okta org URL and this is a full production developer Okta org and now I'm gonna use, you can use HTTP or Curl. I'm gonna use HTTP to hit an API endpoint. And in order to do this, I need an authorization header with Okta's custom scheme SSWS and the API token value that I copied from earlier. Now if you're not familiar with Okta's API, there are a lot of great resources over at developer.okta.com. What I'm gonna do right now is just get a list of users from my newly created Okta org. And you can see that I get a JSON response and it lists all of the users that have been created and these users that have been created were done automatically as part of the Heroku add-on allocation process. So you can see here, it's got this funky email address. It's just a long randomly generated number that is part of the org setup. So benefit number two, we have a bunch of environment variables and we can start working with the Okta API right off the bat. Now, benefit number three that we're gonna talk about right now is all of these other environment variables are set up to work with Okta's SDKs in whatever language you use, whether it's .NET or Java. All of these environment variables will work with our SDKs right out of the gate. So as an example, I have here a Okta Spring Boot example and what I'm gonna do is clone that example and deploy it to this Slarty Bartfest organization and we're gonna see or application rather on Heroku and we're gonna see that it works right away. So first of all, I'm gonna clone this project. This uses Okta Spring Boot integration and now I'm gonna add the Heroku Remote to Git. What this allows me to do is now publish this project to this Heroku org. Now this is gonna take a minute. I'll fast forward through it. Okay, now we've published this application on Heroku and I can see that it's running and so now I can go to, oops, I went to the wrong place. Slarty Bartfest.Herokuapp.com and it shows me a result screen right away. Now ordinarily I would have had to authenticate but I was already logged in to my admin console by virtue of SSO from Heroku. So let's just take a look at what it would look like if I sign out here. Now if I go back to the front door of this application, actually let me do this in a, I should have done this before. I'll do this in an incognito window. Now I need to log in. Now, what do I log in as? I haven't set up any users. Well, part of the process that Heroku does in allocating this org or that the Octaheroku add-on does is it sets up a super admin with a super password. Now these environment variables, you may wanna delete, ultimately, you may not want an admin password kicking around but to start with, it sets up those variables and so I can copy this admin password and this admin email and I can drop them in over here. Now I can authenticate to the app. This is a one-time thing where this is the first time I'm setting up the user so it wants me to set a security question but now I'm back in the results screen with an ID token showing. So benefit number three is that I can deploy apps right away and those apps, this app in particular, leverages these existing environment variables that have been set. Now one quick note, when you use the Octaheroku add-on, it creates both a spa app, a single page app and a traditional web app. It creates both of those in Octa and it sets these environment variables. In, if you're using one of our SDKs, you'll simply wanna take the undersource spa or underscore web away from these environment variables that is rename these environment variables and then they'll work right out of the box. So for instance, a spa app is looking for Octa OAuth 2 client ID and a traditional web app is looking for Octa OAuth 2 client ID and Octa OAuth 2 client secret as the environment variables. So just a little tip there, because it's creating both of these types of apps, when you deploy an app, you'll want to rename the variable to match. So three benefits, one single sign-on to Octa directly from your Heroku application. Two is a bunch of environment variables that let you work with the Octa API directly right away, including that Octa client API ID and three is the ability to deploy applications to Octa and have them run right out of the gate without having to do additional configuration. I hope you found this useful. If you have, go on over to developer.octa.com, check out our other blog posts. Also subscribe to the Octa Dev channel and give this video a like if you would. Thank you very much.