Add a private SSO integration

Use this guide to add a private, custom Single Sign-On (SSO) OpenID Connect (OIDC) or SAML 2.0 integration to your Okta org. Only the users of the org where you install the private integration can use it. This guide also shows you how to test the private integration in your org.


Learning outcomes

  • Learn how to add a private SSO integration to your Okta org
  • Learn how to test your SSO integration in your Okta org

What you need


Overview

To integrate your app for Single Sign-On (SSO) with Okta, you need to first develop your app SSO integration. Then, you need to register your app with an Okta org before you can test it.

Registration involves creating an app integration instance in your Okta org. The instance provides the SSO credentials or metadata that your app uses in its authentication requests. This integration is considered private because it's only available in the org where the app integration instance was created.

Note: An app integration is considered public if it's available in the Okta Integration Network (OIN) catalog for all Okta customers.

This guide assumes that you've developed your app SSO integration and want to add it to your Okta org. The instructions in this guide are generic for two SSO standards:

  • OpenID Connect (OIDC) (preferred)
  • Security Assertion Markup Language (SAML)

Note: Private integrations aren't restricted to the OIN limitations. You can implement the Okta features that are available on your specific Okta org.

Create your private integration in Okta

After you build your app SSO integration, use the Application Integration Wizard (AIW) in the Admin Console to create your app integration instance. This instance provides you with client credentials or metadata for your SSO flows.

Note: As a best practice, create two or three extra admin users in your Okta org to manage the integration. This ensures that your team can access the integration for updates in the future.

  1. Sign in to your Developer Edition org as a user with administrative privileges.
  2. Go to Applications > Applications in the Admin Console.
  3. Click Create App Integration.

Specify your integration settings

After you create your integration instance, the main settings page appears for your new integration in the Admin Console. Specify General Settings and Sign On options, and assign the integration to users in your org. Click Edit if you need to change any of the options, and Save when you finish.

Test your integration

This portion of the guide takes you through the steps required to test your integration.

Assign users

First, you must assign your integration to one or more test users in your org:

  1. Click the Assignments tab.
  2. Click Assign and then select either Assign to People or Assign to Groups.
  3. Enter the people or groups that you want to give Single Sign-On access to your application, and then click Assign for each.
  4. Verify the user-specific attributes for any people that you add, and then select Save and Go Back.
  5. Click Done.

Test Single Sign-On

  1. Sign out of your Okta org by clicking Sign out in the upper-right corner of the Admin Console.

  2. Sign in to the Okta End-User Dashboard as a regular user assigned to the integration.

    Note: If you sign in as a non-admin user to your Okta org from a browser, the End-User Dashboard appears. To access the End-User Dashboard from a mobile device, see Okta End-User-Dashboard.

  3. Click the Okta tile for the integration and confirm that the user is signed in to your app.
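
For an OIDC integration, the visual confirmation in step 3 can be backed by checking that the ID token your app received was issued for this integration. The following is an added example, not code from Okta or from this guide. The issuer URL, client ID, nonce, key pair, and tokens are constructed placeholders, and a real app would verify against the signing key published by its org rather than a locally generated one.

```javascript
// Added example: validate the OIDC ID token an app receives during the test sign-in.
// Every value below (issuer, client ID, nonce, key pair, tokens) is constructed for the demo.
const nodeCrypto = require('node:crypto');

const b64url = (x) => Buffer.from(x).toString('base64url');

// Returns the claims if the token passes every check, otherwise throws with the reason.
function validateIdToken(token, { publicKey, issuer, clientId, nonce, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: the token's own "alg" must never choose the verifier.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  // The audience must contain the client ID of this app integration instance.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (claims.nonce !== nonce) throw new Error('nonce mismatch');
  return claims;
}

// Demo-only signer standing in for the identity provider.
function signDemoToken(claims, privateKey) {
  const body = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${nodeCrypto.sign('RSA-SHA256', Buffer.from(body), privateKey).toString('base64url')}`;
}

const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const expected = { publicKey, issuer: 'https://example-org.invalid', clientId: 'constructed-client-id', nonce: 'n-123' };
const exp = Math.floor(Date.now() / 1000) + 300;
const base = { iss: expected.issuer, sub: 'test.user', exp, nonce: 'n-123' };
const good = signDemoToken({ ...base, aud: expected.clientId }, privateKey);
const otherApp = signDemoToken({ ...base, aud: 'some-other-client' }, privateKey);

// Returns 'ok' or the rejection reason for a token.
function check(token) {
  try { validateIdToken(token, expected); return 'ok'; } catch (e) { return e.message; }
}
console.log(check(good));     // ok
console.log(check(otherApp)); // wrong audience
```

The second token is validly signed by the same issuer but carries another client ID, which is the case a private integration test should reject.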

Next steps

After you test your SSO integration, tell your Okta org users about the custom app SSO capability.

If you decide to publish your integration to the OIN later on:

See also