
Guide: Configure Okta OIDC SSO Integration

A concise, step-by-step guide to configuring Okta as an OIDC SSO provider for Lumonic. Learn how to create a new web app integration, set the correct redirect URIs, and find the Client ID, Client Secret, and Metadata URL needed for setup.

Updated over a week ago

Configure Okta (OIDC) SSO

This guide details how to create an Okta OIDC application to use for OIDC-based Single Sign-On (SSO) with Lumonic.

Part 1: Create the Okta App Integration

  1. Sign in to your Okta Admin Console.

  2. Navigate to Applications > Applications.

  3. Click Create App Integration.

  4. For Sign-in method, select OIDC - OpenID Connect.

  5. For Application type, select Web Application. Click Next.

  6. On the New Web App Integration page, fill out the following:

    • App integration name: Enter a name (e.g., "Lumonic SSO").

    • Grant type: Ensure the following are checked:

      • Authorization Code (default)

      • Refresh Token

      • Implicit (hybrid)

    • Sign-in redirect URIs: Add the callback URL: https://app.lumonic.com/auth/oidc/callback

    • Sign-out redirect URIs: Add the logout URL: https://app.lumonic.com/logout

    • Assignments: Select your desired access policy (e.g., Skip group assignment for now).

  7. Click Save.


Part 2: Gather Required Credentials

After saving, you will land on the app's General tab.

  1. In the Client Credentials section:

    • Copy the Client ID.

    • Copy the Client secret. Important: This is the only time the secret will be fully visible.

  2. Note your Okta domain from your browser's URL bar (e.g., dev-12345.okta.com).

  3. Your Metadata URL will be your domain plus /.well-known/openid-configuration.

    • Example: https://{yourOktaDomain}/.well-known/openid-configuration
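Before pasting the Metadata URL into Lumonic, you can sanity-check the JSON document it returns. The following is an added example, not code from Lumonic or Okta: it checks a parsed discovery document against the URL it came from. The function name, the sample documents, and the same-host rule are assumptions made for illustration; fetching the document is left out so the example runs offline.

```python
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(metadata_url, doc):
    """Return a list of problems with a parsed OIDC discovery document."""
    if not (metadata_url.startswith("https://") and metadata_url.endswith(SUFFIX)):
        return ["metadata URL must be https and end with " + SUFFIX]
    issuer = metadata_url[: -len(SUFFIX)]
    problems = []
    # OpenID Connect Discovery: the issuer in the document must be identical
    # to the issuer the metadata URL was built from.
    if doc.get("issuer") != issuer:
        problems.append("issuer mismatch: %r != %r" % (doc.get("issuer"), issuer))
    for key in ENDPOINTS:
        value = doc.get(key)
        if not isinstance(value, str):
            problems.append("missing field: " + key)
            continue
        parts = urlsplit(value)
        if parts.scheme != "https":
            problems.append(key + " is not https")
        # Assumption: an Okta org serves its endpoints from the issuer's host.
        elif parts.hostname != urlsplit(issuer).hostname:
            problems.append(key + " is on a different host than the issuer")
    # The guide relies on the Authorization Code grant; when the field is
    # absent, the Discovery spec default includes authorization_code.
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("authorization_code grant not advertised")
    return problems

# Constructed sample data, using the example domain from the step above.
METADATA_URL = "https://dev-12345.okta.com" + SUFFIX
GOOD = {
    "issuer": "https://dev-12345.okta.com",
    "authorization_endpoint": "https://dev-12345.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://dev-12345.okta.com/oauth2/v1/token",
    "jwks_uri": "https://dev-12345.okta.com/oauth2/v1/keys",
    "grant_types_supported": ["authorization_code", "refresh_token", "implicit"],
}
# Constructed bad case: wrong issuer, and a token endpoint over plain http.
BAD = dict(GOOD, issuer="https://dev-99999.okta.com",
           token_endpoint="http://dev-12345.okta.com/oauth2/v1/token")

if __name__ == "__main__":
    print(check_discovery(METADATA_URL, GOOD))
    print(check_discovery(METADATA_URL, BAD))
```

An empty list means the document is consistent with the URL; any entry is worth resolving before enabling SSO.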


Part 3: Configure Login & Visibility Settings

This step allows users to start the login process from their Okta dashboard.

  1. While still on the General tab, find the LOGIN section and click Edit.

  2. Application visibility: Check Display application icon to users (if you want it to appear on their Okta dashboard).

  3. Login flow: Select Redirect to app to initiate login (OIDC Compliant).

  4. Initiate login URI: Enter https://app.lumonic.com/auth/sso/initiate/{your-client-id}

    • Replace {your-client-id} with the Client ID you copied in Part 2.

  5. Click Save.


Part 4: Configure Lumonic

You will need the three items gathered from Okta:

  • Client ID (from Part 2)

  • Client Secret (from Part 2)

  • Metadata URL (from Part 2)

  1. In Lumonic, navigate to the Team > Security tab.

  2. Click Configure SSO.

  3. Enter a Display Name (e.g., "Okta SSO").

  4. Paste the Client ID and Client Secret into their respective fields.

  5. Paste the Metadata URL into the Auto Discovery field. This will automatically populate the required endpoints.

  6. (Optional) Enable Auto-provision and select a default role for users signing in for the first time.


Part 5: Assign Users and Groups

If you didn't grant access to everyone in Part 1, you must assign users.

  1. Navigate to the Assignments tab of your Okta app.

  2. Click the Assign dropdown and choose Assign to People or Assign to Groups.

  3. Find the users or groups you want to grant access to, click Assign next to their name, and then click Done.
