Skip to main content

Okta App OIDC Configuration Guide

Enhance security and streamline access with Xakia’s Okta OIDC integration for Single Sign-On (SSO)

Updated this week

When the Xakia Okta app is configured for OIDC, Xakia users will be able to use Single Sign-On (SSO) via Okta when logging into Xakia.

Xakia recommends using Microsoft Okta SCIM federated identity if your organization supports it. If you want to utilize Okta SCIM functionality to manage Xakia users from Okta, please use this guide to configure Okta App SCIM after completing the Okta App OIDC setup.

The Okta App OIDC federated identity option requires an Okta system administrator to configure OIDC within Okta.

Non legal team users should not be added to the assignments.

Only legal team users should be added to the assignments. Note that any user added to the assignments will become a billable Xakia user.

In the event that non legal team members are accidentally added as billable Xakia users, the Xakia support team can help clean this up, however this will attract a service fee.

IMPORTANT: Before configuring Okta App OIDC federated identity using the steps below, it is highly recommended that you set up a Xakia Support Account at your Xakia location to ensure minimal downtime during your switch to Okta App SCIM federated identity.

Xakia Location Administrator access is required to set up Single-Sign-On. Please ensure that the member of IT managing Okta has a Xakia Location Admin user account setup. This account can be configured without Matter or Contract access and set up as non-billable by contacting Xakia Support.

Supported features

  • SP-initiated SSO

  • SP-initiated logout

See further instructions below under 'SP-initiated SSO Instructions'.

Step-by-step configuration instructions

Step 1: Xakia

  • In Xakia go to Admin > Settings > Users & Security > Federated Identity

  • Select Okta as the identity provider

  • Note the ‘Company ID’

Step 2: Okta

  • Browse the app catalog in Okta and search for Xakia and add the Xakia app

  • Select the Sign-On tab and press 'Edit'

  • Fill out ‘Company ID’ with the Company Id from Xakia as noted down in the previous step

  • Set the ‘Application username format’ to Email

  • Click 'Save'

  • Note down the ‘Client ID’ of the Okta Application

Step 3: Complete Xakia Configuration

  • In Xakia go to Admin > Settings > Users & Security > Federated Identity

  • In Xakia under Federated Identity, fill out ‘Client Id’ with the Okta Client ID noted down in the previous step

  • Enter your Okta domain (e.g https://yourorg.okta.com) in the ‘Issuer URL’ field

  • Click 'Save'

Step 4: Configure users

Xakia offers two approaches for configuring users to login with SSO via Okta.

  1. Provision and manage users directly from Okta using SCIM provisioning (Recommended)

  2. Manually configuring users to login via Okta

Provision users from Okta

You can provision Xakia users directly from Okta SCIM. Only Xakia main application users need to be added - please do not add Internal client users. Internal client users will be automatically provisioned by accessing the Internal Client Portal directly.

Provision Xakia users directly from Okta SCIM

Non legal team users should not be added to the assignments.

Only legal team users should be added to the assignments. Note that any user added to the assignments will become a billable Xakia user.

In the event that non legal team members are accidentally added as billable Xakia users, the Xakia support team can help clean this up, however this will attract a service fee.

Note: Internal Client users must be assigned to the Xakia OIDC app in Okta to be automatically provisioned.

Manually Configure Users

  • In Xakia go to Admin > Settings > Users & Security > Federated Identity

  • Toggle on ‘Enable User Provisioning from Xakia’

  • Go to the Users tab and add/edit a user

  • Set Okta as their Identity Provider

SP-initiated SSO Instructions:

Set Up SSO: If you want to utilize Okta SCIM functionality to manage Xakia users from Okta, use this guide to configure Okta App SCIM.

Implementation Guide

When implementing and testing federated identity in Xakia, we recommend the following:

Test in your Production Location

Set up a production federated identity provider directly in your Xakia location and use a single test user to verify configuration.

  • Creating and configuring a federated identity provider in your Xakia location will not disrupt sign-ins for any current users and will not result in any downtime or unavailability in your Xakia location

  • Existing users will continue to sign in using their Xakia identity as normal while you are testing

Once you have confirmed that your test user can sign in with the federated identity provider as expected, you can complete the implementation for all desired users

Avoid Separate Test Environments

Do NOT create a new Xakia location or use a separate test identity provider. Similarly, avoid using a test IDP tenant or instance. Xakia supports only one federated identity provider per company (with the exception of Microsoft Entra (Sync Job), which supports multiple tenants and locations). Using test locations or IDPs can cause unexpected behavior.

Use a Pilot User

Always test with a real user from your production environment and production IDP to ensure accuracy and avoid complications during rollout (with the exception of Microsoft Entra (Sync Job), which supports multiple tenants and locations).

Did this answer your question?