---
title: "Configuring Okta SSO with OpenID Connect"
slug: "configuring-okta-sso-with-openid-connect"
updated: 2025-09-19T13:14:22Z
published: 2025-09-19T13:14:22Z
canonical: "documentation.encodify.com/configuring-okta-sso-with-openid-connect"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://documentation.encodify.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configuring Okta SSO with OpenID Connect

## Overview

---

This guide provides step-by-step instructions on how to configure **Okta Single Sign-On (SSO)** for Encodify using **OpenID Connect (OIDC)**.

## Configuring OpenID Connect for Encodify via Okta

---

### Step 1: Identity Provider (IdP) Configuration in Encodify

1. Navigate to: **Site Configuration → Identity Providers and Users → Identity Providers**.
2. Click **Add New IdP**.
3. Fill in the fields:
  - **Name ID**: Use English letters only, no spaces. This becomes part of the URL.
  - **Display Name for Login Page**: This will appear on the login button.
  - **Authentication Method**: Select **OpenID Connect**.
  - **Email Domains (optional)**: Restrict logins to certain domains (e.g. `encodify.com, microsoft.com`).
4. Click **Next**.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750614286944.png)

### Step 2: Link to a Login URL

1. Link your IdP configuration to an existing **Login URL** and **Login Page**, or create new ones.
  - Each IdP can be linked to one Login URL.
2. Click **Next**.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750614365918.png)

### Step 3: Obtain Callback URL from Encodify

1. Copy the **Callback URL** shown in Identity provider configuration in Encodify.

`https://url/login/oauth2/code/OidOkta`.

### Step 4: Create OAuth Credentials in Okta

1. Log in to your Okta Admin Console (e.g. `https://integrator-xxxxxxx-admin.okta.com`).
2. Go to **Applications → Applications**.
3. Click **Create App Integration**.
4. Select:
  - **Sign-in method**: OIDC - OpenID Connect
  - **Application type**: Web Application
5. Click **Next**.
6. Complete the fields:
  - **App Integration Name**: Enter a recognisable name.
  - **Sign-in redirect URIs**: Paste the **Callback URL** from Encodify.
  - **Sign-out redirect URIs**: Leave blank.
  - **Assignments**: Choose appropriate access. This guide assumes no group restriction.
7. Click **Save**.
8. Copy:
  - **Client ID** from *Client Credentials*
  - **Client Secret** from *Client Secrets*
9. Authorization server details will be fetch automatically in Encodify IDP configuration after entering OpenID Connect Config URL:
10. `https://integrator-xxxxxxx-admin.okta.com/oauth2/default/.well-known/openid-configuration`

### Step 5

After App has been created, App permissions need to be configured in OKTA to allow authentication.

1. In OKTA admin console, go to**Security** > **API > Authorization Servers > default**
2. Click edit > switch to the **Access Policies**.
3. Click **Add New Access Policy** > enter Name, Description > Save.
4. Add rule to the created policy with the settings as in the screen below > click **Create Rule**.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/Screenshot 2025-09-19 at 14.30.02.png)

### Step 6: Finalise IdP Configuration in Encodify

1. In Encodify (Step 3 of IdP setup):
  - **OpenID Connect Type**: Select "Okta"
  - **Client ID**: Paste from Okta
  - **Client Secret**: Paste from Okta
  - **Scope**: `openid, profile, email`
  - **External User ID Attribute**: `email`
  - **Mapped Attributes**: `name → Name`, `email → Email`
2. Click **Next**.

![Okta.png](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/22773660947869.png)

### Step 7: Attribute and Group Mapping (Optional)

1. You can optionally map token claims from Okta to:
  - **Encodify Access Rights**
  - **User Groups**
2. If you're not mapping from token attributes, continue with default settings.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750614763193.png)

An image highlighting Access Right Mapping

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750614844856.png)

An image highlighting User Group Mapping

### Step 8: Default User Groups

1. Define default groups to assign on first login.
2. Click **Next**.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750614956884.png)

### Step 9: Welcome Message & First Login Email

1. Optionally enable a **Welcome Email** and **First Login Message**.
2. Click **Save IdP** to complete the setup.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750615026946.png)

### Logging In via Okta SSO

If Okta is the only authentication method linked to the Login URL, users will be redirected automatically. If multiple methods exist, users will see a button (e.g. **Sign in with Okta SSO**). Upon first login, users will be auto-provisioned in Encodify with configured roles and attributes.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750615091498.png)

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750615133156.png)