Okta with OpenID SSO

  • Updated on Mar 28, 2026
  • 4 minute(s) read
Prev Next

Plans supporting this feature: Enterprise

Before setting up Single Sign-On (SSO) between Document360 and Okta using the OpenID protocol, ensure you have administrative access to Okta. Please note that only users with Owner or Admin as Project role can configure SSO in Document360.

PRO TIP

It is recommended to open Document360 and Okta in two separate tabs/browser windows since configuring SSO in Document360 will require you to switch between Okta and Document360 multiple times.

Sign up for Okta

Access to an Okta account is required for configuring SSO with Document360. If you don't have an account:

  1. Navigate to Okta Developer Sign-Up and complete the sign-up process.

  2. Once you log in to Okta with your credentials, you will be navigated to the Okta Admin Console page.

Adding an Application in Okta

To create a Document360 SSO configuration using Okta, follow these steps:

  1. Log in to Okta using your account credentials.

  2. Switch to the admin user role by clicking on Admin at the top right next to your profile name.

  3. From the left navigation list, expand the Applications dropdown and click Applications.

  4. Click the Create App Integration button and select OIDC - OpenID Connect as the Sign-in method.

  5. Choose Web Application as the Application type, then click Next.

  6. On the New Web App Integration page, enter a name for your app in the App integration name field.

Document360 Service Provider (SP) Configuration

Next, you will need to configure Okta with the Service Provider (SP) details provided by Document360:

  1. Open Document360 in a separate tab or panel.

  2. Navigate to Settings > Users & permissions > SSO Configuration in Document360.

  3. Click the Create SSO button.

SSO configuration settings for users and permissions in a web application interface.

  1. Select Okta as your identity provider to automatically navigate to the Configure the Service Provider (SP) page.

    Select an Identity Provider for Single Sign-On configuration, highlighting Okta option.

  2. In the Configure the Service Provider (SP), select the OpenID radio button to configure SSO with OpenID.

  3. This page will display a set of parameters.

Configuration settings for OpenID in the Okta application setup process.

  1. Go to the New Web App Integration page on Okta, and enter the parameters from Document360 as shown below.

Okta

Document360

Sign in redirect URI

Sign-in redirect URIs

Sign out redirect URI

Sign-out redirect URIs

Okta Admin Console displaying sign-in and sign-out redirect URIs for user authentication.

  1. Next, scroll down to Assignments and select a Controlled access by selecting the desired radio button.

Options for app access control and immediate access settings in the application interface.

  1. Click Save. You will be redirected to the Application’s General page.

Document360 OpenID SSO Configuration

Now, configure the SSO settings in Document360:

  1. Return to the Document360 tab/panel displaying the Configure the Service Provider (SP) page.

  2. Click Next to navigate to the Configure the Identity Provider (IdP) page and enter the corresponding values from your Okta configuration:

Configuration settings for Identity Provider with required fields for Client ID and secret.

Okta

Document360

Client ID

Client ID

Client Secret

Client Secret

Issuer URI

Authority

NOTE

To find the Issuer URI in Okta, navigate to Security > API.

  1. Ensure that the Client ID and Client Secret match the values generated in Okta.

Okta Admin Console displaying client credentials and authentication options for applications.

  1. Click Next to proceed to the SCIM provisioning page.

SCIM Provisioning

If SCIM is needed,

  1. Turn on the Enable SCIM provisioning toggle. A confirmation dialog will appear, read the terms and click Agree.

  2. The parameters required to complete the SCIM configuration in Okta will then be displayed.

Configuration settings for SCIM provisioning and identity provider setup in a web interface.

  1. Go to Okta, expand the Applications dropdown in the left navigation bar, and click Applications.

  2. Click Browse App Catalog and search for SCIM 2.0 (OAuth Bearer Token), then select See all results.

Okta Admin Console displaying applications with options to create and browse app integrations.

  1. From the search results select (OAuth Bearer Token) Governance with SCIM 2.0 and click Add Integration.

Okta Admin Console displaying OAuth Bearer Token integration options with SCIM 2.0.

NOTE

Make sure to select the correct App. Do not select the Test app version.

  1. In the General Settings page, you can change your Application label, and click Next.

Okta Admin Console showing application settings and OAuth Bearer Token information.

  1. Then click Done in the Sign-On options page.

NOTE

Configuration is not needed in this step as we have already configured OpenID in the previous steps. This app is created only for SCIM provisioning.

  1. Navigate to Provisioning tab and select Configure API Integration.

  2. Select the Enable API Integration checkbox and a set of fields will be displayed.

  3. Enter the parameters from Document360 to Okta as shown below.

Okta

Document360

Base URL

SCIM Base URL

OAuth Bearer Token

Primary secret token

Okta Admin Console displaying successful OAuth Bearer Token verification and API integration options.

 NOTE

Do not click Test Connector Configuration yet. At this stage, SCIM provisioning will not work with Document360 because the SSO configuration set up is not completed in Document360.

  1. Once you’re done, navigate back to Document360 to complete the configuration.

Assign default role

  1. Turn on the Enable group sync toggle if needed.

  2. In the Default role field, the role is set to Contributor by default. You can change this from the dropdown if needed.

  3. In the User groups and Reader groups fields, select the groups you want to add. Multiple groups can be added, and they will inherit the default role you selected earlier.

  4. Click Next to navigate to the More Settings page.

More Settings

In the More settings page, configure the following:

  • SSO name: Enter a name for the SSO configuration.

  • Customize login button: Enter the text for the login button displayed to users.

  • Auto assign reader group: This option is only available for existing SSO configurations. For newly created SSO configurations, the Auto assign reader group toggle will not be displayed as SCIM automatically provisions users and groups.

  • Sign out idle SSO user: Toggle on/off based on your requirements.

  • Choose whether to invite existing user and reader accounts to SSO.

Settings for creating a new SSO with OpenID Okta configuration options displayed.

Click Create to complete the OpenID SSO configuration.

Complete SCIM integration with Okta

To complete SCIM provisioning with Okta,

  1. Navigate back to Okta page.

  2. Click Test API Credentials and a success message should show up, confirming that the created SCIM app is integrated successfully.

Okta Admin Console displaying successful OAuth Bearer Token verification and API integration options.

  1. Click Save.

  2. Next, go to Provisioning tab and select To App and click Edit on the Provisioning to App section.

  3. Select the following supported actions only.

    1. Create Users

    2. Update User Attributes

    3. Deactivate Users

Okta Admin Console showing provisioning settings for SCIM 2.0 application integration.

  1. Then click Save.

SCIM Provisioning with Okta OpenID is configured successfully.

The SSO configuration based on the OpenID protocol has been configured using Okta successfully.

 NOTE

For more information on how to manage users, readers and groups. Go to Managing Users and Readers with SCIM in Okta.

Related articles