Okta and OpenID Connect
Audience: Application Admins
Content Summary: This page outlines the requirements and process for adding OpenID Connect as your IAM in Immuta.
- Administrator account in Okta.
Immuta's OpenID Connect integration supports the following features
- Service Provider (SP)-Initiated Authentication (SSO) Flow
- Identity Provider (IDP)-Initiated Authentication (SSO) Flow
1 - Add the Immuta Application in Okta
Log in to Okta as an Admin, navigate to the Applications tab, and click Add Application.
Search for Immuta in the search bar and click Add.
Click the Sign On tab and copy the Client ID and Client secret.
2 - Add OpenID Connect in Immuta
- Log in to Immuta and click the App Settings icon in the left sidebar.
- Click the Add IAM button and enter a Display Name.
- Select OpenID from the Identity Provider Type dropdown menu.
- Copy the redirect URL and register this URL in Okta.
- If prompted for the client application type, choose web.
3 - Configure OpenID Connect
In the Identity Management section of the Immuta console, enter the Client ID and Client Secret you copied from Okta in the previous.
Enter the following URL in the Discover URL field:
Opt to add additional Scopes.
- Opt to Enable SCIM support for OpenID by clicking the checkbox, which will generate a SCIM API Key.
- In the Profile Schema section, map attributes in OpenID to automatically fill in a user's Immuta profile. Note: Fields that you specify in this schema will not be editable by users within Immuta.
- Opt to Allow Identity Provider Initiated Single Sign On to use the IDP-Initiated SSO feature by selecting the checkbox.
- Opt to Migrate Users from another IAM by selecting the checkbox.
4 - Test Connection and Save Configuration
- Click the Test Connection button.
- Once the connection is successful, click the Test User Login button.
- Click Save.