Identity Enterprise SSO integration with Okta

Register an Okta client application for use in Identity Enterprise SSO.

Prerequisites

To manage applications, you must have an Okta account with an Admin role.

Register a new application in Okta

  1. Sign in to the Okta administrator console at {yourOktaOrg}-admin.okta.com.
  2. Go to Applications > Applications, and then click Create App Integration.
  3. In the Create a new app integration dialog, do the following:
    • For Sign-in method, select OIDC - OpenID Connect.
    • For Application type, select Web Application.
  4. Click Next.
  5. On the New Web App Integration page, do the following:
    • For App integration name, enter the name of the application, for example, "commercetools Identity".
    • For Grant type, select the Authorization Code checkbox.
    • For Sign-in redirect URIs, enter the Redirect URI of Identity as displayed in the SSO configuration form. The value depends on the PKCE option. By default, it is https://auth.identity.commercetools.com/self-service/methods/oidc/callback because Identity enforces PKCE. If you select another PKCE option (auto or disable), the Redirect URI changes.
    • For Sign-out redirect URIs, enter https://identity.commercetools.com.
    • For Controlled access, do the following:
  6. Click Save.
  7. Copy the Client ID and Client secret from the new application window.
  8. The issuer URL to assign in the Identity SSO configuration has the format https://{yourOktaOrg}.okta.com.
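
A pre-flight check for the values gathered in steps 5 to 8, as an added example that is not part of the original documentation. It assumes the issuer follows the https://{yourOktaOrg}.okta.com format above and that redirect URIs are matched as exact strings; the function names and the example-org sample values are hypothetical.

```python
from urllib.parse import urlsplit

# Default Redirect URI from this page (PKCE enforced). For other PKCE options,
# copy the value shown in the SSO configuration form instead.
DEFAULT_REDIRECT_URI = "https://auth.identity.commercetools.com/self-service/methods/oidc/callback"


def check_issuer(issuer):
    """Problems with an issuer expected as https://{yourOktaOrg}.okta.com."""
    problems = []
    u = urlsplit(issuer)
    host = u.hostname or ""
    if u.scheme != "https":
        problems.append("issuer must use https")
    if not host.endswith(".okta.com"):
        problems.append("issuer host is not {yourOktaOrg}.okta.com")
    elif host[: -len(".okta.com")].endswith("-admin"):
        problems.append("issuer is the admin console host; drop '-admin'")
    if u.path or u.query or u.fragment:
        problems.append("issuer must be the bare origin, with no path or trailing slash")
    return problems


def check_redirect_uris(registered, expected=DEFAULT_REDIRECT_URI):
    """Assumes exact string matching; reports near misses among registered URIs."""
    if expected in registered:
        return []
    problems = ["expected redirect URI is not registered: " + expected]
    for uri in registered:
        if uri.rstrip("/") == expected.rstrip("/"):
            problems.append("near miss (trailing slash): " + uri)
        elif uri.lower() == expected.lower():
            problems.append("near miss (letter case): " + uri)
        elif urlsplit(uri)._replace(scheme="https").geturl() == expected:
            problems.append("near miss (scheme is not https): " + uri)
    return problems


def discovery_url(issuer):
    """Standard OIDC Discovery location under a validated issuer."""
    return issuer + "/.well-known/openid-configuration"


if __name__ == "__main__":
    # Constructed sample values; "example-org" is a placeholder Okta org.
    print(check_issuer("https://example-org-admin.okta.com"))
    print(check_redirect_uris([DEFAULT_REDIRECT_URI + "/"]))
    print(discovery_url("https://example-org.okta.com"))
```

Run it against the values copied from Okta before entering them in the SSO configuration form; an empty list from both checks means the issuer and redirect URI have the expected shape.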

Next steps

After registering your client application, continue with the Identity Enterprise SSO initial setup.
