Configuring Okta SSO with OpenID Connect


Overview


This article provides step-by-step guidance on how to configure Okta Single Sign-On (SSO) for Encodify using OpenID Connect (OIDC).

Configuring OpenID Connect for Encodify via Okta


Step 1: Start IdP Configuration in Encodify

  1. Navigate to: Site Configuration → Identity Providers and Users → Identity Providers.

  2. Click Add New IdP.

  3. Fill in the fields as follows:

    • Name ID: Use only English letters without spaces. This will be part of the URL.

    • Display Name for Login Page: This will be shown on the login button.

    • Authentication Method: Select OpenID Connect.

    • Email Domains (optional): Specify allowed domains (e.g. encode.dk, microsoft.com).

  4. Click Next to proceed to Step 2.

Step 2: Link to a Login URL

  1. Link your IdP configuration to an existing Login URL and Login Page, or create new ones.

    • Each IdP can be linked to only one Login URL.

  2. Click Next to proceed to Step 3.

Step 3: Obtain Okta Configuration Details

  1. Note the Callback URL shown in Encodify. Example: https://mpa.dev.encode.dk/mpa/login/oauth2/code/OidOkta.

Step 4: Create OAuth Credentials in Okta Admin Console

  1. Go to your Okta Admin Console (e.g. https://dev-XXXXXXXX-admin.okta.com/admin/dashboard).

  2. Navigate to Applications → Applications.

  3. Click Create App Integration.

  4. Select:

    • Sign-in method: OIDC - OpenID Connect

    • Application type: Web Application

  5. Click Next.

  6. Complete the fields:

    • App Integration Name: Enter a recognisable name.

    • Sign-in redirect URIs: Paste the Callback URL from Encodify.

    • Sign-out redirect URIs: Leave blank.

    • Assignments: Choose appropriate access. This guide assumes no group restriction.

  7. Click Save.

  8. Copy:

    • Client ID from Client Credentials

    • Client Secret from Client Secrets

  9. Navigate to: Security → API → Authorization Servers → default.

  10. Copy:

    • OpenID Connect JWK URI: https://dev-XXXXXXXX.okta.com/oauth2/default/v1/keys

    • Authorisation URL: https://dev-XXXXXXXX.okta.com/oauth2/default/v1/authorize

    • Token URL: https://dev-XXXXXXXX.okta.com/oauth2/default/v1/token

  11. (Optional) You can also fetch these values by entering the full config URL into the OpenID Connect Config URL field in Encodify:

    • https://dev-XXXXXXXX.okta.com/oauth2/default/.well-known/openid-configuration

Step 5: Finalise IdP Configuration in Encodify

  1. In Step 3 of the Encodify IdP setup:

    • OpenID Connect Type: Select "Okta"

    • Client ID: Paste from Okta

    • Client Secret: Paste from Okta

    • Scope: openid, profile, email

    • External User ID Attribute: email

    • Mapped Attributes: name → Name, email → Email

  2. Click Next to proceed to Step 4.
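
Before the Step 4 URLs are pasted into Encodify, the discovery document they come from can be sanity-checked against the Step 5 settings. The script below is an added example, not Encodify or Okta code; the function name check_discovery, the same-host rule and the embedded sample document are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample discovery document, trimmed to the fields checked here.
# dev-XXXXXXXX is the page's placeholder tenant, not a real hostname.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://dev-XXXXXXXX.okta.com/oauth2/default",
    "authorization_endpoint": "https://dev-XXXXXXXX.okta.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://dev-XXXXXXXX.okta.com/oauth2/default/v1/token",
    "jwks_uri": "https://dev-XXXXXXXX.okta.com/oauth2/default/v1/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "claims_supported": ["sub", "name", "email", "iss", "aud"],
})

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(config_url, document, scopes=("openid", "profile", "email"),
                    claims=("name", "email")):
    """Return (endpoints, problems) for a discovery document fetched from config_url."""
    doc = json.loads(document)
    problems = []
    # OIDC Discovery: the issuer must equal the config URL minus the well-known suffix.
    expected_issuer = config_url[:-len(WELL_KNOWN)] if config_url.endswith(WELL_KNOWN) else None
    if expected_issuer is None:
        problems.append("config URL does not end in " + WELL_KNOWN)
    elif doc.get("issuer") != expected_issuer:
        problems.append(f"issuer {doc.get('issuer')!r} != {expected_issuer!r}")
    issuer_host = urlsplit(doc.get("issuer", "")).hostname
    endpoints = {}
    for key in ENDPOINTS:
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https":
            problems.append(f"{key} is missing or not https")
        elif url.hostname != issuer_host:
            # Assumption: as in Step 4, all URLs share the tenant host; flag others for review.
            problems.append(f"{key} host {url.hostname!r} differs from issuer host")
        endpoints[key] = doc.get(key)
    # Step 5 settings: requested scopes and mapped attributes should be advertised.
    for field, wanted in (("scopes_supported", scopes), ("claims_supported", claims)):
        for value in wanted:
            if value not in doc.get(field, []):
                problems.append(f"{value!r} not advertised in {field}")
    return endpoints, problems


if __name__ == "__main__":
    print(check_discovery("https://dev-XXXXXXXX.okta.com/oauth2/default" + WELL_KNOWN, SAMPLE_DISCOVERY))
```

An empty problems list means the three endpoint values match what Step 4 expects to copy; any entry is worth resolving before saving the IdP.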


Step 6: Attribute and Group Mapping (Optional)

  1. You can optionally map token claims from Okta to:

    • Encodify Access Rights

    • User Groups

  2. If you're not mapping from token attributes, continue with default settings.

An image highlighting Access Right Mapping

An image highlighting User Group Mapping

Step 7: Default User Groups

  1. Define default groups to assign on first login.

  2. Click Next.

Step 8: Welcome Message & First Login Email

  1. Optionally enable a Welcome Email and First Login Message.

  2. Click Save IdP to complete the setup.

Logging In via Okta SSO

If Okta is the only authentication method linked to the Login URL, users will be redirected automatically. If multiple methods exist, users will see a button (e.g. Sign in with Okta SSO). Upon first login, users will be auto-provisioned in Encodify with configured roles and attributes.