Links

SSO with Okta

How to set up Okta Single Sign-On integration

Contents

  • Supported features
  • Requirements
  • Configuration steps
  • Notes

Supported features

Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the application from Openli. Maintenance of users on your Openli account must be done from within the Openli application app.openli.com.

Requirements

SSO via Okta is only available on the Openli Privacy Hub Growth plan or higher.

Configuration steps

If you haven't already done so, sign up and create your Openli account.
In the Openli Settings page navigate to the Single Sign-on section and make sure you select the Use Okta for single sign-on option:
Okta Single sign-on settings in Openli
Install the Openli application in your Okta instance.
On the Okta admin page, click on the Openli application and then navigate to the Sign On tab
Copy the values of Client ID and Client secret to the corresponding fields in your Single sign-on settings in your Openli account (https://app.openli.com/settings).
On the Okta admin page, navigate to the link titled OpenID Provider Metadata. Click this link. In the JSON document shown, look for a key titled “issuer” and copy the URL-value to the Okta client issuer field in your Openli Single sign-on settings (https://app.openli.com/settings).
Contact [email protected] and tell us what domain you want to register as your SSO domain. Once we have set up your SSO domain; Once configured, your SSO domain will show under Single Sign-on on your Openli settings page https://app.openli.com/settings.
Make sure that the emails of employees/users you invite into your Openli account exactly match their Okta accounts.
You're done and your users can now sign in to their Openli accounts using Okta.

Notes

When prompted to log in to the Openli platform, simply click the Okta button and authenticate with your Okta account: