---
title: "Okta with OpenID SSO"
slug: "okta-with-openid-sso"
description: "Set up Single Sign-On (SSO) between Document360 and Okta using OpenID. Follow our guide for seamless integration and enhanced security."
updated: 2026-05-30T09:30:01Z
published: 2026-05-30T09:30:01Z
---

# Okta with OpenID SSO

Before setting up Single Sign-On (SSO) between Document360 and Okta using the OpenID protocol, ensure you have administrative access to Okta. Only users with **Owner** or **Admin** as their **Project role** can configure SSO in Document360.

> [!TIP]
> PRO TIP
> 
> It is recommended to open **Document360** and **Okta** in two separate tabs/browser windows since configuring SSO in Document360 will require you to switch between Okta and Document360 multiple times.

## Sign up for Okta

Access to an Okta account is required for configuring SSO with Document360. If you don't have an account:

1. Navigate to [Okta Developer Sign-Up](https://developer.okta.com/signup/) and complete the sign-up process.
2. Once you log in to Okta with your credentials, you will be taken to the **Okta Admin Console** page.

## Adding an Application in Okta

To create a Document360 SSO configuration using Okta, follow these steps:

1. Log in to Okta using your account credentials.
2. Switch to the admin user role by clicking on **Admin** at the top right next to your profile name.
3. From the left navigation list, expand the **Applications** dropdown and click **Applications**.
4. Click the **Create App Integration** button and select **OIDC - OpenID Connect** as the **Sign-in method**.
5. Choose **Web Application** as the **Application type**, then click **Next**.
6. On the **New Web App Integration** page, enter a name for your app in the **App integration name** field.

![](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/creating application(1).gif)

## Document360 Service Provider (SP) Configuration

Next, you will need to configure Okta with the Service Provider (SP) details provided by Document360:

1. Open Document360 in a separate tab or panel.
2. Navigate to **Settings** > **Users & permissions** > **SSO Configuration** in Document360.
3. Click the **Create SSO** button.

![SSO configuration settings for users and permissions in a web application interface.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/create sso(2).png)

1. Select **Okta** as your identity provider to automatically navigate to the **Configure the Service Provider (SP)** page.

![Select an Identity Provider for Single Sign-On configuration, highlighting Okta option.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/okta eu(6).png)
2. On the **Configure the Service Provider (SP)** page, select the **OpenID** radio button to configure SSO with OpenID.
3. This page will display a set of parameters.

![Configuration settings for OpenID in the Okta application setup process.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/sp(4).png)

1. Go to the **New Web App Integration** page on Okta, and enter the parameters from Document360 as shown below.

| Okta | Document360 |
| --- | --- |
| Sign in redirect URI | Sign-in redirect URIs |
| Sign out redirect URI | Sign-out redirect URIs |

![Okta Admin Console displaying sign-in and sign-out redirect URIs for user authentication.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/sign in(1).png)

1. Next, scroll down to **Assignments** and choose a **Controlled access** option by selecting the desired radio button.

![Options for app access control and immediate access settings in the application interface.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/assigned.png)

1. Click **Save**. You will be redirected to the application’s **General** page.

## Document360 OpenID SSO Configuration

Now, configure the SSO settings in Document360:

1. Return to the Document360 tab/panel displaying the **Configure the Service Provider (SP)** page.
2. Click **Next** to navigate to the **Configure the Identity Provider (IdP)** page and enter the corresponding values from your Okta configuration:

![](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/scope(1).png)

| **Okta** | **Document360** |
| --- | --- |
| Client ID | Client ID |
| Client Secret | Client Secret |
| Issuer URI | Authority |

> [!NOTE]
> NOTE
> 
> To find the Issuer URI in Okta, navigate to **Security** > **API**.

1. In the **Scope** (optional) field, type a scope value and click **+** to add it as a chip. This defines what user information or permissions Document360 requests from your identity provider.

   You can add up to 3 scopes.
2. Ensure that the **Client ID** and **Client Secret** match the values generated in Okta.

![Okta Admin Console displaying client credentials and authentication options for applications.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/client id.png)

1. Click **Next** to proceed to the **SCIM provisioning** page.
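
Before pasting the Okta values into Document360, it helps to sanity-check them. The following is an added example, not Document360 or Okta code: it checks an Issuer URI (the **Authority** value) against the issuer's OpenID Connect discovery document and checks the planned scopes against the three-scope limit. It assumes you have already fetched the JSON from `<Issuer URI>/.well-known/openid-configuration` yourself; `example.okta.com` and the sample metadata are constructed placeholders.

```python
from urllib.parse import urlsplit

MAX_SCOPES = 3  # the Scope field accepts up to 3 scopes


def check_idp_values(authority, discovery, scopes=()):
    """Return a list of problems found in the values copied from Okta.

    authority: the Issuer URI to be entered in the Authority field.
    discovery: parsed JSON from <authority>/.well-known/openid-configuration.
    scopes:    values planned for the optional Scope field.
    """
    problems = []
    parts = urlsplit(authority)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("authority must be an absolute https URL")
    if parts.query or parts.fragment:
        problems.append("authority must not carry a query or fragment")
    # OpenID Connect Discovery requires the issuer in the metadata to be
    # identical to the issuer URL it was fetched for, so compare exactly.
    if discovery.get("issuer") != authority:
        problems.append("discovery issuer does not match authority")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(discovery.get(key) or "").scheme != "https":
            problems.append(f"{key} is missing or not https")
    if len(scopes) > MAX_SCOPES:
        problems.append(f"more than {MAX_SCOPES} scopes")
    supported = set(discovery.get("scopes_supported", []))
    for scope in scopes:
        if supported and scope not in supported:
            problems.append(f"scope not offered by issuer: {scope}")
    return problems


# Constructed sample metadata; example.okta.com is a placeholder tenant.
SAMPLE_ISSUER = "https://example.okta.com/oauth2/default"
SAMPLE_DISCOVERY = {
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/v1/authorize",
    "token_endpoint": SAMPLE_ISSUER + "/v1/token",
    "jwks_uri": SAMPLE_ISSUER + "/v1/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}

if __name__ == "__main__":
    print(check_idp_values(SAMPLE_ISSUER, SAMPLE_DISCOVERY, ["profile", "email"]))
    # A trailing slash is enough to break the exact issuer match.
    print(check_idp_values(SAMPLE_ISSUER + "/", SAMPLE_DISCOVERY, ["profile"]))
```
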

### SCIM Provisioning

If SCIM is needed:

1. Turn on the **Enable SCIM provisioning** toggle. A confirmation dialog will appear. Read the terms and click **Agree**.
2. The parameters required to complete the SCIM configuration in Okta will then be displayed.

![Configuration settings for SCIM provisioning and identity provider setup in a web interface.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/enable group sync(5).png)

1. Go to Okta, expand the **Applications** dropdown in the left navigation bar, and click **Applications**.
2. Click **Browse App Catalog** and search for **SCIM 2.0 (OAuth Bearer Token)**, then select **See all results**.

![Okta Admin Console displaying applications with options to create and browse app integrations.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/browse.png)

1. From the search results, select **(OAuth Bearer Token) Governance with SCIM 2.0** and click **Add Integration**.

![Okta Admin Console displaying OAuth Bearer Token integration options with SCIM 2.0.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/add integration.png)

> [!NOTE]
> NOTE
> 
> Make sure to select the correct App. Do not select the Test app version.

1. On the **General Settings** page, you can change your **Application label**, and click **Next**.

![Okta Admin Console showing application settings and OAuth Bearer Token information.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/general(1).png)

1. Then click **Done** on the **Sign-On options** page.

> [!NOTE]
> NOTE
> 
> Configuration is not needed in this step as we have already configured OpenID in the previous steps. This app is created only for SCIM provisioning.

1. Navigate to the **Provisioning** tab and select **Configure API Integration**.
2. Select the **Enable API Integration** checkbox and a set of fields will be displayed.
3. Enter the parameters from Document360 to Okta as shown below.

| Okta | Document360 |
| --- | --- |
| Base URL | SCIM Base URL |
| OAuth Bearer Token | Primary secret token |

![Okta Admin Console displaying successful OAuth Bearer Token verification and API integration options.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/test api(2).png)

> [!NOTE]
> NOTE
> 
> Do not click Test Connector Configuration yet. At this stage, SCIM provisioning will not work with Document360 because the SSO configuration setup is not yet complete in Document360.

1. Once you’re done, navigate back to Document360 to complete the configuration.

#### Assign default role

1. Turn on the **Enable group sync** toggle if needed.
2. In the **Default role** field, the role is set to **Contributor** by default. You can change this from the dropdown if needed.
3. In the **User groups** and **Reader groups** fields, select the groups you want to add. Multiple groups can be added, and they will inherit the default role you selected earlier.
4. Click **Next** to navigate to the **More Settings** page.

### More Settings

In the **More settings** page, configure the following:

- **SSO name**: Enter a name for the SSO configuration.
- **Customize login button**: Enter the text for the login button displayed to users.
- **Auto assign reader group**: This option is only available for existing SSO configurations. For newly created SSO configurations, the Auto assign reader group toggle will not be displayed as SCIM automatically provisions users and groups.
- **Sign out idle SSO user**: Toggle on/off based on your requirements.
- Choose whether to invite existing user and reader accounts to SSO.

![Settings for creating a new SSO with OpenID Okta configuration options displayed.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/more settings(3).png)

Click **Create** to complete the OpenID SSO configuration.

### Complete SCIM integration with Okta

To complete SCIM provisioning with Okta:

1. Navigate back to the Okta page.
2. Click **Test API Credentials**. A success message should appear, confirming that the created SCIM app is integrated successfully.

![Okta Admin Console displaying successful OAuth Bearer Token verification and API integration options.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/test api(2).png)

1. Click **Save**.
2. Next, go to the **Provisioning** tab, select **To App**, and click **Edit** in the **Provisioning to App** section.
3. Select the following supported actions only.
  1. Create Users
  2. Update User Attributes
  3. Deactivate Users

![Okta Admin Console showing provisioning settings for SCIM 2.0 application integration.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/supported actions.png)

1. Then click **Save**.

SCIM Provisioning with Okta OpenID is configured successfully.

The **SSO configuration based on the OpenID** protocol has been configured using **Okta** successfully.

> [!NOTE]
> NOTE
> 
> For more information on how to manage users, readers, and groups, go to [Managing Users and Readers with SCIM in Okta](/help/docs/scim-with-okta).
