Skip to content

Okta and OpenID Connect

Audience: Application Admins

Content Summary: This page outlines the requirements and process for adding OpenID Connect as your IAM in Immuta.

Requirements

  • Administrator account in Okta.

Supported Features

Immuta's OpenID Connect integration supports the following features

  • Service Provider (SP)-Initiated Authentication (SSO) Flow
  • Identity Provider (IDP)-Initiated Authentication (SSO) Flow

Configuration Steps

1 - Add the Immuta Application in Okta

  1. Log in to Okta as an Admin, navigate to the Applications tab, and click Add Application.

    Add Application

  2. Search for Immuta in the search bar and click Add.

    Add Immuta

  3. Click the Sign On tab and copy the Client ID and Client secret.

    Client ID and Secret

2 - Add OpenID Connect in Immuta

  1. Log in to Immuta and click the App Settings icon in the left sidebar.
  2. Click the Add IAM button and enter a Display Name.
  3. Select OpenID from the Identity Provider Type dropdown menu.
  4. Copy the redirect URL and register this URL in Okta.

App Settings OpenID Redirect URL

  1. If prompted for the client application type, choose web.

3 - Configure OpenID Connect

  1. In the Identity Management section of the Immuta console, enter the Client ID and Client Secret you copied from Okta in the previous.

  2. Enter the following URL in the Discover URL field: https://<your_okta_workspace.com>/.well-known/openid-configuration.

    Okta Discover URL

  3. Opt to add additional Scopes.

  4. In the Profile Schema section, map attributes in OpenID to automatically fill in a user's Immuta profile. Note: Fields that you specify in this schema will not be editable by users within Immuta.
  5. Opt to Allow Identity Provider Initiated Single Sign On to use the IDP-Initiated SSO feature by selecting the checkbox.
  6. Opt to Migrate Users from another IAM by selecting the checkbox.

4 - Test Connection and Save Configuration

  1. Click the Test Connection button.
  2. Once the connection is successful, click the Test User Login button.
  3. Click Save.