Instructions for

On this page

Build a Single Sign-On (SSO) integration

This guide teaches you how to integrate your federated SSO application with Okta. This guide assumes that you intend to make this app integration public by publishing it in the Okta Integration Network (OIN).


Learning outcomes

Create and test an SSO app integration for OIN submission.

What you need


Overview

Single Sign-On (SSO) is an authentication method that enables end users to sign in to multiple applications (apps) with one set of credentials. If you have customers that use Okta as an Identity Provider, you want to publish your SSO app integration to the OIN. By having your integration in the OIN catalog, your customers can easily configure SSO for your app. See Overview of Single Sign-On in the OIN for all the benefits of having your integration in the OIN catalog.

To create an SSO integration for the OIN, first sign up for a free Okta developer-edition org (opens new window). Next, select the type of SSO protocol that you want to implement. Okta supports two SSO standards for your integration:

  • OpenID Connect (OIDC) (preferred)
  • Security Assertion Markup Language (SAML)

Okta recommends using OIDC for new SSO integrations.

Note: Not all Okta SSO features are supported in the OIN. See OIN limitations.

Deployment models

After you've decided on a protocol, select a deployment model. Okta offers redirect or embedded authentication deploy models. Redirect authentication uses the Okta Sign-In Widget (opens new window) and is the easiest, most secure way to integrate with Okta.

Okta recommends the redirect authentication deployment model if your situation meets the requirements. For more information on deployment models and other authentication considerations, see:

Prepare your integration

Create your integration in Okta

This section assumes that you've built the SSO integration in your app.

After you've built your SSO integration, you can use the Application Integration Wizard (AIW) in the Admin Console to create your app integration instance. This instance provides you with client credentials or metadata for you to test your SSO flows.

Note: Creating your app integration instance doesn't automatically make it available in the OIN (opens new window). After you've tested your integration, you need to submit it to the OIN team for verification and publication.

  1. Sign in to your developer-edition Okta org as a user with administrative privileges.
  2. Go to Applications > Applications in the Admin Console.
  3. Click Create App Integration.

Specify your integration settings

This portion of the guide takes you through the steps for configuring your specific SSO integration using the Okta Admin Console.

After you create your integration instance in the Create your integration in Okta section, the main settings page appears for your new integration in the Admin Console. Specify General Settings and Sign On options, and assign the integration to users in your org. Click Edit if you need to change any of the options, and Save when you've made your changes.

Test your integration

This portion of the guide takes you through the steps required to test your integration.

Assign users

First, you must assign your integration to one or more test users in your org:

  1. Click the Assignments tab.
  2. Click Assign and then select either Assign to People or Assign to Groups.
  3. Enter the appropriate people or groups that you want to have Single Sign-On into your application, and then click Assign for each.
  4. Verify the user-specific attributes for any people that you add, and then select Save and Go Back.
  5. Click Done.

Test Single Sign-On

  1. Sign out of your Okta org. Click Sign out in the upper-right corner of the Admin Console.

  2. Sign in to the Okta End-User Dashboard as the regular user that was assigned the integration.

    Note: If you sign in as a non-admin user to your Okta org from a browser, the End-User Dashboard appears. To access the End-User Dashboard from a mobile device, see Okta End-User-Dashboard (opens new window).

  3. Click the Okta tile for the integration and confirm that the user is signed in to your app.

Next steps

After you complete testing your app integration, you can start the submission process to have your app integration included in the Okta Integration Network (opens new window) catalog:

See also