To connect your org to the IdP, add the IdP that you just created.
profile scopes. These scopes are included when Okta makes an OIDC request to the IdP.
Note: By default, Okta requires the email attribute for a user. The
https://theIdPorg.com/.well-known/openid-configuration. For a list of fully-tested IdPs that are supported, see Set Up Supported Identity Providers.
Issuer - The identifier of the OIDC provider. For example, the Okta org where you created the IdP app:
Authorization endpoint - The URL of the IdP's OAuth 2.0 Authorization endpoint. For example:
Token endpoint - The URL of the IdP's token endpoint for obtaining access and ID tokens. For example:
JWKS endpoint - The URL of the IdP's JSON Web Key Set document. This document contains signing keys that are used to validate the signatures from the provider. For example:
Userinfo endpoint - The endpoint for getting identity information about the user. For example:
Click Add Identity Provider. The main Identity Providers page appears.
Expand the IdP that you just configured and copy the Authorize URL and the Redirect URI. Paste them into a text editor for use in upcoming steps.
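Before pasting the Issuer and endpoint values into the form above, it is worth confirming that they all come from one consistent discovery document. The following added example (not from Okta's documentation) parses a constructed openid-configuration document, maps it onto the five Okta form fields listed above, and flags an issuer that does not match the discovery URL, non-HTTPS endpoints, endpoints hosted away from the issuer (a conservative heuristic, not a spec requirement), and requested scopes the IdP does not advertise. https://theIdPorg.com is the page's placeholder; the endpoint paths are assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed stand-in for what the IdP would serve at
# https://theIdPorg.com/.well-known/openid-configuration (paths are assumptions).
DISCOVERY_DOC = json.dumps({
    "issuer": "https://theIdPorg.com",
    "authorization_endpoint": "https://theIdPorg.com/oauth2/v1/authorize",
    "token_endpoint": "https://theIdPorg.com/oauth2/v1/token",
    "jwks_uri": "https://theIdPorg.com/oauth2/v1/keys",
    "userinfo_endpoint": "https://theIdPorg.com/oauth2/v1/userinfo",
    "scopes_supported": ["openid", "profile", "email"],
})

# Okta generic OIDC IdP form field -> OIDC Discovery metadata key
OKTA_FIELDS = {
    "Issuer": "issuer",
    "Authorization endpoint": "authorization_endpoint",
    "Token endpoint": "token_endpoint",
    "JWKS endpoint": "jwks_uri",
    "Userinfo endpoint": "userinfo_endpoint",
}

def okta_idp_settings(discovery_url, discovery_json, scopes=("openid", "profile", "email")):
    """Return (form_values, problems) derived from a discovery document."""
    meta = json.loads(discovery_json)
    problems = []
    # OIDC Discovery requires issuer == discovery URL minus the well-known suffix.
    expected_issuer = discovery_url.removesuffix("/.well-known/openid-configuration").rstrip("/")
    issuer = meta.get("issuer", "")
    if issuer.rstrip("/") != expected_issuer:
        problems.append(f"issuer mismatch: {issuer!r} vs {expected_issuer!r}")
    form_values = {}
    for field, key in OKTA_FIELDS.items():
        value = meta.get(key)
        if not value:
            problems.append(f"missing {key}")
            continue
        url = urlparse(value)
        if url.scheme != "https":
            problems.append(f"{key} is not https: {value}")
        if url.hostname != urlparse(issuer).hostname:
            problems.append(f"{key} host differs from issuer host: {value}")
        form_values[field] = value
    # The scopes Okta will request must be ones the IdP says it supports.
    missing = [s for s in scopes if s not in meta.get("scopes_supported", scopes)]
    if missing:
        problems.append(f"scopes not advertised by IdP: {missing}")
    return form_values, problems
```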
When a user first signs in to Okta using a generic OIDC IdP, their IdP user profile is mapped to an Okta Universal Directory profile using Just in Time provisioning. This user account creation and linking includes default mappings that are based on standard claims defined by the OIDC specification.
To view and modify the mappings, access the IdP that you created by selecting Social & Identity Providers from the Users menu. Click Configure for the IdP and select Edit Mappings.
If there are attributes that don't exist in your org's Universal Directory, but are a part of the user's IdP profile, add the attributes by editing the IdP user profile in your org.
See Manage User Profiles for more information on custom attributes.