Okta

Create an Okta OIDC web app integration for Proliferate SSO.

Use an Okta OIDC application to sign in to Proliferate.

Prerequisites

  • Access to an Okta org with permission to create an app integration.
  • The Redirect URI from your Proliferate Single sign-on settings.

Create the OIDC application

  1. In the Okta Admin Console, go to Applications → Applications and click Create App Integration.
  2. Choose OIDC - OpenID Connect as the sign-in method.
  3. Choose Web Application as the application type, then click Next.
  4. Configure the general settings:
    • App integration name: e.g. Proliferate.
    • Sign-in redirect URIs: paste the Redirect URI copied from Proliferate, e.g. https://app.proliferate.com/auth/sso/oidc/callback.
    • Sign-out redirect URIs: leave empty (not required).
  5. Under Assignments, select the Okta users or groups allowed to use the integration, then Save.
  6. From the application's General tab, copy the Client ID and Client secret.
  7. Find your Issuer URL under Security → API → Authorization Servers and copy the issuer's Issuer URI.

Okta Create a new app integration dialog with OIDC and Web Application selected

Choose OIDC – OpenID Connect and Web Application.

Okta New Web App Integration settings showing name and sign-in redirect URI

Set the app name and the Sign-in redirect URI.

Okta application General tab showing Client ID and client secret

The General tab: copy the Client ID and client secret.

Info:

Okta gives you a choice of issuer. The org authorization server issuer is https://<your-org>.okta.com; the built-in custom authorization server is https://<your-org>.okta.com/oauth2/default. Use whichever matches the authorization server you assigned the app to, and verify by opening <issuer>/.well-known/openid-configuration.

Values for Proliferate

Proliferate fieldValue
OIDC issuer URLIssuer URI from Okta (e.g. https://dev-12345.okta.com)
OIDC client IDClient ID from the General tab
OIDC client secretClient secret from the General tab
OIDC scopesopenid email profile
Token auth methodClient secret basic

Finish in the SSO settings: paste the values above, Save, Test, then Enable.

On this page