Okta Open ID Connect

Internal ODIC supports Service Provider (SP)-Initiated Authentication and Identity Provider (IdP)-Initiated Authentication (SSO) flows.

In Okta's Admin Portal:

  1. Login to the Okta Integration Network
  2. Search and select for 'Internal OpenID Connect' (or click here)
  3. Click 'Add'
  4. Select 'Done'
  5. Select the 'Sign On' tab
  6. Find the Client ID, Client Secret, and Okta Domain. Copy these to reference for later.
  7. Enter the External Key for your Internal Single Sign-On connection. This field can be found in your Internal Single Sign-On settings while configuring your Okta OpenID integration.
  8. Click 'Save'

In Internal's Single Sign-On Settings:

  1. Navigate to 'Company Settings'
  2. Select the 'Security' tab
  3. Select 'Single Sign-On' to open the Single Sign-On drawer.
  4. From the Single Sign-On drawer, select 'Okta OpenID Connect' from the drop down.
  5. Referencing the values copied from the Okta Admin Portal, configure the following fields in Internal:
  6. Okta Domain
  7. Okta Client ID
  8. Okta Client Secret
  9. Additionally, ensure that the External Key provided in the Single Sign-On drawer has been entered in the Okta Admin Portal.
  10. Click 'Save'
  11. In order to test this authentication method, navigate back to the Single Sign-On drawer and select 'Test Okta Configuration'. If everything looks good, you'll be redirected to Okta and back to the Single Sign-On drawer with confirmation.

Note: Okta login URLs now honor the "next" url parameter when being

For example, this URL now properly redirects to the "claims"
space when being configured as the "Initiate Login URI" in
the Okta OIDC config: