Comment on page
SSO with Okta
How to set up single sign-on for Openli with Okta
Openli supports what Okta calls "Service Provider (SP)-Initiated Authentication (SSO) Flow".
This authentication flow occurs when the user attempts to log in on Openli using Okta.
Maintenance of users on your Openli account must be done from within your Openli account. Openli does not support automatic user provisioning.
Okta single sign-on settings in Openli
Install the Openli application in your Okta instance.
On the Okta admin page, click on the Openli application and then navigate to the Sign On tab. Next, you will need to copy the values you see here for Client ID and Client secret to your Openli account.
Paste the values of Client ID and Client secret from your Okta account to the corresponding fields in your single sign-on settings in your Openli account.
On the Okta admin page, navigate to the link titled OpenID Provider Metadata. Click this link. In the JSON document shown, look for a key titled
issuerand copy the URL-value (without quotes) to the Okta client issuer field in your Openli Single sign-on settings.
Contact [email protected] and tell us which domain you want to register as your SSO domain. When we have confirmed that this is set up, your SSO domain will show under Single sign-on in your Openli settings.
All general considerations from Setting up SSO (Single Sign-On)will now apply. Most importantly, make sure that the emails of employees/users you invite into your Openli account exactly match their Okta accounts. Your users can now sign in to their Openli accounts using Okta.
To log in to the Openli platform using Okta, simply click the Okta button and authenticate with your Okta account:
Log in with Okta using the "Okta" button instead of a username and password.