Links

SSO with Okta

How to set up single sign-on for Openli with Okta

Supported features

Openli supports what Okta calls "Service Provider (SP)-Initiated Authentication (SSO) Flow".
This authentication flow occurs when the user attempts to log in on Openli using Okta.
Maintenance of users on your Openli account must be done from within your Openli account. Openli does not support automatic user provisioning.

Configuration steps

In your Openli account, part 1

In the Openli Settings page, navigate to the Single Sign-on section and enable the option "Use Okta for single sign-on":
Okta single sign-on settings in Openli

In your Okta account, part 1

Install the Openli application in your Okta instance.
On the Okta admin page, click on the Openli application and then navigate to the Sign On tab. Next, you will need to copy the values you see here for Client ID and Client secret to your Openli account.

In your Openli account, part 2

Paste the values of Client ID and Client secret from your Okta account to the corresponding fields in your single sign-on settings in your Openli account.

In your Okta account, part 2

On the Okta admin page, navigate to the link titled OpenID Provider Metadata. Click this link. In the JSON document shown, look for a key titled issuer and copy the URL-value (without quotes) to the Okta client issuer field in your Openli Single sign-on settings.

Final steps

Contact [email protected] and tell us which domain you want to register as your SSO domain. When we have confirmed that this is set up, your SSO domain will show under Single sign-on in your Openli settings.
All general considerations from Setting up SSO (Single Sign-On)will now apply. Most importantly, make sure that the emails of employees/users you invite into your Openli account exactly match their Okta accounts. Your users can now sign in to their Openli accounts using Okta.

Notes

To log in to the Openli platform using Okta, simply click the Okta button and authenticate with your Okta account:
Log in with Okta using the "Okta" button instead of a username and password.