To support OpenID Connect (OIDC)-based Single Sign On (SSO) from Okta, you must first set up an application in Okta. To set up an OIDC-based application in Okta for SSO, perform the steps on this procedure.

Prerequisites

Ensure you have an Okta account to sign in.

Procedure

  1. Log in to your Okta account as an Admin user.
    The Okta home screen appears.
    Note: If you are in the Developer Console view, then you must switch to the Classic UI view by selecting Classic UI from the Developer Console drop-down list.
  2. To create a new application:
    1. In the upper navigation bar, click Applications > Add Application.
      The Add Application screen appears.
    2. Click Create New App.
      The Create a New Application Integration dialog box appears.
    3. From the Platform drop-drop menu, select Web.
    4. Select OpenID Connect as the Sign on method and click Create.
      The Create OpenID Connect Integration screen appears.
    5. Under the General Settings area, in the Application name text box, enter the name for your application (for example, VCO).
    6. Under the CONFIGURE OPENID CONNECT area, in the Login redirect URIs text box, enter the redirect URL that your VCO application uses as the callback endpoint.
      In the VCO application, at the bottom of the Configure Authentication screen, you can find the redirect URL link. Ideally, the VCO redirect URL will be in this format: https://<VCO URL>/login/ssologin/openidCallback.
    7. Click Save.
    8. On the General tab, click Edit and select Refresh Token for Allowed grant types, and click Save.
      Note down the Client Credentials (Client ID and Client Secret) to be used during the SSO configuration in VCO.
    9. Click the Sign On tab and under the OpenID Connect ID Token area, click Edit.
    10. In the Groups claim filter area, set the filter for the user groups and click Save.
      The application is setup in IDP. You can assign groups and users to your VCO application.
  3. To assign groups and users to your VCO application:
    1. Go to Application > Applications and click on your VCO application link.
    2. On the Assignments tab, from the Assign drop-down menu, select Assign to Groups or Assign to People.
      The Assign <Application Name> to Groups or Assign <Application Name> to People dialog box appears.
    3. Click Assign next to available user groups or users you want to assign the VCO application and click Done.

Results

You have completed setting up an OIDC-based application in Okta for SSO.

What to do next

Configure Single Sign On in VCO.