Okta

This guide explains how to enable Single Sign-On (SSO) login via Okta in Open Loyalty.

Last updated 29 days ago

Was this helpful?

Okta

This guide explains how to enable Single Sign-On (SSO) login via Okta in Open Loyalty.

Prerequisites

Ensure you have the access to the following:

An active Open Loyalty instance.
Administrator access to your Okta tenant.
Basic understanding of OIDC and SSO concepts.

Step-by-Step Configuration

Verify Settings in Open Loyalty

Verify Admin Email Addresses

Ensure that the email address you want to use for SSO login does not already exist in the Open Loyalty portal.

If an email address for the admin already exists in Open Loyalty, the SSO login will not function for that account. To enable SSO for a user, ensure there are no conflicts.

For instance, you could deactivate admin users logging in with email and password, update their email addresses by adding a suffix (e.g., "-old"), and then ask the admin users to log in via SSO.

Configure the Default Role

Log in to the Open Loyalty admin panel.
Go to Settings > Roles.
Choose the role you want to set as a default role. Click on Edit.
Set a Default Role for new users logging in through SSO. This role will be assigned to newly created users and can be changed later if needed.

Configure OKTA

Navigate to https://your-domain.okta.com and log in with an administrator account.

Create a New Application Integration

In the Admin Console, go to Applications > Applications.
Click Create App Integration.
Choose:
- Sign-in method: OIDC - OpenID Connect
- Application type: Single-Page Application
Click Next.

Configure the Application

App integration name: (e.g. Open Loyalty)
Sign-in redirect URIs:
- (or your production redirect URI)
Sign-out redirect URIs (optional):
- https://your-production-domain.com
Assign Users to the Application
- In the Assignments tab of the application, click Assign.
- Choose Assign to People or Assign to Groups.
- Select the users or groups who should have access to the application.
Click Save.

Provide the Open Loyalty team with the following details:
- Client ID
- Sign-in redirect URIs
- Sign-out redirect URIs
The Open Loyalty team will enable SSO using the provided details.

Test the Integration

Use the Continue with OIDC button on the login page.
Authenticate with OIDC using a user account.
Verify that the user is successfully logged in and has been assigned the default role.

Notes

Ensure that the Default Role is configured appropriately to avoid granting unintended permissions to new users.
If an email address already exists in Open Loyalty, the SSO login will not work for that account. Ensure there are no conflicts before enabling SSO for a user.

Troubleshooting

If login fails, double-check the URL and Client ID configuration.
Ensure the callback URL is correctly set in Okta.
Verify that the Okta application has been configured to allow the Open Loyalty URL.

Last updated 29 days ago

Was this helpful?

Prerequisites

Ensure you have the access to the following:

An active Open Loyalty instance.
Administrator access to your Okta tenant.
Basic understanding of OIDC and SSO concepts.

Step-by-Step Configuration

Verify Settings in Open Loyalty

Verify Admin Email Addresses

Ensure that the email address you want to use for SSO login does not already exist in the Open Loyalty portal.

If an email address for the admin already exists in Open Loyalty, the SSO login will not function for that account. To enable SSO for a user, ensure there are no conflicts.

For instance, you could deactivate admin users logging in with email and password, update their email addresses by adding a suffix (e.g., "-old"), and then ask the admin users to log in via SSO.

Configure the Default Role

Log in to the Open Loyalty admin panel.
Go to Settings > Roles.
Choose the role you want to set as a default role. Click on Edit.
Set a Default Role for new users logging in through SSO. This role will be assigned to newly created users and can be changed later if needed.

Configure OKTA

Navigate to https://your-domain.okta.com and log in with an administrator account.

Create a New Application Integration

In the Admin Console, go to Applications > Applications.
Click Create App Integration.
Choose:
- Sign-in method: OIDC - OpenID Connect
- Application type: Single-Page Application
Click Next.

Configure the Application

App integration name: (e.g. Open Loyalty)
Sign-in redirect URIs:
- (or your production redirect URI)
Sign-out redirect URIs (optional):
- https://your-production-domain.com
Assign Users to the Application
- In the Assignments tab of the application, click Assign.
- Choose Assign to People or Assign to Groups.
- Select the users or groups who should have access to the application.
Click Save.

Provide the Open Loyalty team with the following details:
- Client ID
- Sign-in redirect URIs
- Sign-out redirect URIs
The Open Loyalty team will enable SSO using the provided details.

Test the Integration

Use the Continue with OIDC button on the login page.
Authenticate with OIDC using a user account.
Verify that the user is successfully logged in and has been assigned the default role.

Notes

Ensure that the Default Role is configured appropriately to avoid granting unintended permissions to new users.
If an email address already exists in Open Loyalty, the SSO login will not work for that account. Ensure there are no conflicts before enabling SSO for a user.

Troubleshooting

If login fails, double-check the URL and Client ID configuration.
Ensure the callback URL is correctly set in Okta.
Verify that the Okta application has been configured to allow the Open Loyalty URL.

Prerequisites

Step-by-Step Configuration

Verify Settings in Open Loyalty

Verify Admin Email Addresses

Configure the Default Role

Configure OKTA

Sign in to Okta Admin Console

Create a New Application Integration

Configure the Application

Share Details with Open Loyalty

Share SSO Details with Open Loyalty

Test the Integration

Notes

Troubleshooting

Prerequisites

Step-by-Step Configuration

Verify Settings in Open Loyalty

Verify Admin Email Addresses

Configure the Default Role

Configure OKTA

Sign in to Okta Admin Console

Create a New Application Integration

Configure the Application

Share Details with Open Loyalty

Share SSO Details with Open Loyalty

Test the Integration

Notes

Troubleshooting