Merge pull request #50 from gstorme/docs

teon · web-flow · commit 06929ccd7271 · 2025-08-01T13:51:32.000+02:00
update redirect_uris for external mfa
diff --git a/admin-and-features/external-openid-providers/README.md b/admin-and-features/external-openid-providers/README.md
@@ -45,11 +45,13 @@ In almost any provider's configuration you will need to define a set of allowed
 
 * `<DEFGUARD_DASHBOARD_URL>/auth/callback`
 * `<DEFGUARD_ENROLLMENT_URL>/openid/callback`
+* `<DEFGUARD_ENROLLMENT_URL>/openid/mfa/callback`
 
 For example, if your Defguard main dashboard is accessible at `https://defguard.my-domain.net` and your users perform the enrollment through a proxy accessible at `https://enrollment.my-domain.net` you would need to enter the following URIs:
 
 * `https://defguard.my-domain.net/auth/callback`
 * `https://enrollment.my-domain.net/openid/callback`
+* `https://enrollment.my-domain.net/openid/mfa/callback`
 
 These URIs will need to be provided in your provider's configuration. See [#examples](./#examples "mention") to learn more.
 
diff --git a/admin-and-features/external-openid-providers/okta.md b/admin-and-features/external-openid-providers/okta.md
@@ -8,7 +8,7 @@
 
 <figure><img src="../../.gitbook/assets/image-2.png" alt=""><figcaption></figcaption></figure>
 
-3. On the next page, configure the application. Make sure to set the correct Sign-in URIs, those will take the form of `<DEFGUARD_DASHBOARD_URL>/auth/callback` (dashboard login) and `<DEFGUARD_ENROLLMENT_URL>/openid/callback` (if you want to perform new user enrollment using Okta). Replace `<DEFGUARD_DASHBOARD_URL>` and `<DEFGUARD_ENROLLMENT_URL>` with the URLs of your Defguard dashboard and enrollment page (proxy) accordingly. If you access your Defguard dashboard at e.g. `https://defguard.example.net` your redirect URI will be `https://defguard.example.net/auth/callback`.
+3. On the next page, configure the application. Make sure to set the correct Sign-in URIs, those will take the form of `<DEFGUARD_DASHBOARD_URL>/auth/callback` (dashboard login) and `<DEFGUARD_ENROLLMENT_URL>/openid/callback` (if you want to perform new user enrollment using Okta). Replace `<DEFGUARD_DASHBOARD_URL>` and `<DEFGUARD_ENROLLMENT_URL>` with the URLs of your Defguard dashboard and enrollment page (proxy) accordingly. If you access your Defguard dashboard at e.g. `https://defguard.example.net` your redirect URI will be `https://defguard.example.net/auth/callback`. If you want to use Okta as the MFA provider, also add `<DEFGUARD_ENROLLMENT_URL>/openid/mfa/callback` to the redirect URIs.
 
 <figure><img src="../../.gitbook/assets/image-6.png" alt=""><figcaption></figcaption></figure>
 
