Register an Okta client application for use in Identity Enterprise SSO.
This guide shows how to register a client application in Okta. You need the application details to complete the Identity Enterprise SSO setup.
Prerequisites
To be able to manage applications, you must have an Okta account with an Admin role.
Register a new application in Okta
- Sign in to the Okta administrator console at {yourOktaOrg}-admin.okta.com.
- Go to Applications > Applications, and then click Create App Integration.
- In the Create a new app integration dialog, do the following:
  - For Sign-in method, select OIDC - OpenID Connect.
  - For Application type, select Web Application.
  - Click Next.
- On the New Web App Integration page, do the following:
  - For App integration name, enter the name of the application. For example "commercetools Identity".
  - For Grant type, select the Authorization Code checkbox.
  - For Sign-in redirect URIs, enter the Redirect URI of Identity as displayed in the SSO configuration form. The value depends on the PKCE option. By default, it is https://auth.identity.commercetools.com/self-service/methods/oidc/callback because Identity enforces PKCE. If you select another PKCE option (auto or disable), the Redirect URI changes.
  - For Sign-out redirect URIs, enter https://identity.commercetools.com.
  - For Controlled access, do the following:
    - If no groups are present to assign users, select Skip group assignment for now to create a group later (under Directory > Groups) and manually assign users to the group.
    - If a group is already present to assign users to, select Limit access to selected groups and assign users to any of those groups.
  - Click Save.
- Copy the Client ID and Client secret from the new application window.
- The issuer URL to be assigned in Identity SSO configuration is in the format: https://{yourOktaOrg}.okta.com.
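A preflight check for the issuer URL before you enter it in the Identity SSO configuration, added here as an example and not part of the original guide or of Okta or commercetools tooling. It assumes the OIDC discovery document has already been fetched from the issuer's /.well-known/openid-configuration path; the sample document is constructed, and example-org and the function names are placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample: a trimmed OIDC discovery document.
# "example-org" is a placeholder, not a real Okta org.
SAMPLE_DISCOVERY = {
    "issuer": "https://example-org.okta.com",
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "code_challenge_methods_supported": ["S256"],
}


def check_issuer(issuer):
    """Return problems with an issuer that should be https://{yourOktaOrg}.okta.com."""
    problems = []
    parts = urlsplit(issuer)
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append("issuer must use https")
    if not host.endswith(".okta.com"):
        problems.append("issuer host is not {yourOktaOrg}.okta.com")
    # Heuristic: the admin console lives at {yourOktaOrg}-admin.okta.com,
    # which is the sign-in host for administrators, not the issuer.
    if host.endswith("-admin.okta.com"):
        problems.append("issuer points at the admin console host")
    if parts.path or parts.query or parts.fragment:
        problems.append("issuer must not carry a path, trailing slash, query or fragment")
    return problems


def check_discovery(issuer, discovery, pkce_enforced=True):
    """Check the issuer plus what the discovery document advertises."""
    problems = check_issuer(issuer)
    # OIDC Discovery requires the advertised issuer to match exactly.
    if discovery.get("issuer") != issuer:
        problems.append("discovery document issuer does not match exactly")
    if "authorization_code" not in discovery.get("grant_types_supported", []):
        problems.append("authorization_code grant not advertised")
    # Identity enforces PKCE by default, so S256 must be available.
    if pkce_enforced and "S256" not in discovery.get("code_challenge_methods_supported", []):
        problems.append("S256 PKCE not advertised")
    return problems


if __name__ == "__main__":
    print(check_discovery("https://example-org.okta.com", SAMPLE_DISCOVERY) or "ok")
```

An empty list means the issuer matches the documented format and the provider advertises the Authorization Code grant with S256 PKCE.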
Next steps
After registering your client application, continue with the Identity Enterprise SSO initial setup.