Okta

This guide explains how to enable Single Sign-On (SSO) login via Okta in Open Loyalty.

Prerequisites

Ensure you have access to the following:

  • An active Open Loyalty instance.

  • Administrator access to your Okta tenant.

  • Basic understanding of OIDC and SSO concepts.

Step-by-Step Configuration

Verify Settings in Open Loyalty

1. Verify Admin Email Addresses

Ensure that the email address you want to use for SSO login does not already exist in the Open Loyalty portal.

2. Configure the Default Role

  1. Log in to the Open Loyalty admin panel.

  2. Go to Settings > Roles.

  3. Choose the role you want to set as the default role and click Edit.

  4. Set a Default Role for new users logging in through SSO. This role will be assigned to newly created users and can be changed later if needed.

Configure Okta

1. Sign in to the Okta Admin Console

Navigate to https://your-domain.okta.com and log in with an administrator account.

2. Create a New Application Integration

  • In the Admin Console, go to Applications > Applications.

  • Click Create App Integration.

  • Choose:

    • Sign-in method: OIDC - OpenID Connect

    • Application type: Single-Page Application

  • Click Next.

3. Configure the Application

  • App integration name: e.g. Open Loyalty

  • Sign-in redirect URIs:

  • Sign-out redirect URIs (optional):

    • https://your-production-domain.com

  • Assign Users to the Application

    • In the Assignments tab of the application, click Assign.

    • Choose Assign to People or Assign to Groups.

    • Select the users or groups who should have access to the application.

  • Click Save.

Share Details with Open Loyalty

1. Share SSO Details with Open Loyalty

  • Provide the Open Loyalty team with the following details:

    • Client ID

    • Sign-in redirect URIs

    • Sign-out redirect URIs

  • The Open Loyalty team will enable SSO using the provided details.

2. Test the Integration

  1. Use the Continue with OIDC button on the login page.

  2. Authenticate with OIDC using a user account.

  3. Verify that the user is successfully logged in and has been assigned the default role.

Notes

  • Ensure that the Default Role is configured appropriately to avoid granting unintended permissions to new users.

  • If an email address already exists in Open Loyalty, the SSO login will not work for that account. Ensure there are no conflicts before enabling SSO for a user.

Troubleshooting

  • If login fails, double-check the URL and Client ID configuration.

  • Ensure the callback URL is correctly set in Okta.

  • Verify that the Okta application has been configured to allow the Open Loyalty URL.
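As an added example (not part of this guide and not Open Loyalty's or Okta's own code), the Python script below shows what the Single-Page Application integration configured above sends to Okta at login (an Authorization Code request with PKCE, which Okta requires for SPA integrations) and reproduces the exact-match comparison Okta applies to the redirect_uri against the registered sign-in redirect URIs. That comparison is why a callback URL that differs only by scheme, host case or a trailing slash fails, which is the usual cause of the problems listed under Troubleshooting. The Okta domain, Client ID and callback path are constructed placeholders; /oauth2/v1/authorize is the standard authorize endpoint of an Okta org authorization server.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed placeholders (not values from the guide or from a real tenant):
# the Okta org, the Client ID shown on the application's General tab, and the
# sign-in redirect URIs registered for the Open Loyalty app integration.
OKTA_DOMAIN = "your-domain.okta.com"
CLIENT_ID = "0oaEXAMPLECLIENTID"  # placeholder, not a real Client ID
REGISTERED_SIGN_IN_REDIRECT_URIS = [
    "https://your-production-domain.com/oidc/callback",  # assumed callback path
]


def pkce_challenge(code_verifier: str) -> str:
    """S256 code challenge per RFC 7636: BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """32 random bytes -> 43 URL-safe characters, inside RFC 7636's 43..128 range."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def redirect_uri_registered(candidate: str, registered: list[str]) -> bool:
    """Okta accepts a redirect_uri only if it exactly matches a registered one."""
    return candidate in registered


def explain_redirect_mismatch(candidate: str, registered: list[str]) -> list[str]:
    """Name the usual reasons a callback URL is rejected, for troubleshooting."""
    reasons = []
    c = urlsplit(candidate)
    for entry in registered:
        reg = urlsplit(entry)
        if c.scheme != reg.scheme:
            reasons.append(f"scheme differs: {c.scheme} vs {reg.scheme}")
        if c.netloc.lower() != reg.netloc.lower():
            reasons.append(f"host differs: {c.netloc} vs {reg.netloc}")
        if c.path.rstrip("/") == reg.path.rstrip("/") and c.path != reg.path:
            reasons.append("path differs only by a trailing slash")
        elif c.path != reg.path:
            reasons.append(f"path differs: {c.path} vs {reg.path}")
        if c.query or c.fragment:
            reasons.append("candidate carries a query string or fragment")
    return reasons


def build_authorize_url(redirect_uri: str, code_verifier: str, state: str, nonce: str) -> str:
    """Authorization Code + PKCE request a Single-Page Application sends to Okta.

    Refuses to build the request when redirect_uri is not an exact match for a
    registered sign-in redirect URI, since Okta would reject it at the login step.
    """
    if not redirect_uri_registered(redirect_uri, REGISTERED_SIGN_IN_REDIRECT_URIS):
        reasons = explain_redirect_mismatch(redirect_uri, REGISTERED_SIGN_IN_REDIRECT_URIS)
        raise ValueError("redirect_uri not registered: " + "; ".join(reasons))
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid profile email",
        "redirect_uri": redirect_uri,
        "state": state,          # CSRF protection, checked when the callback returns
        "nonce": nonce,          # bound into the ID token, checked after exchange
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return f"https://{OKTA_DOMAIN}/oauth2/v1/authorize?" + urlencode(params)


if __name__ == "__main__":
    verifier = new_code_verifier()
    good = REGISTERED_SIGN_IN_REDIRECT_URIS[0]
    print(build_authorize_url(good, verifier, secrets.token_urlsafe(16), secrets.token_urlsafe(16)))
    # A callback that differs only by scheme and a trailing slash is rejected:
    try:
        build_authorize_url("http://your-production-domain.com/oidc/callback/", verifier, "s", "n")
    except ValueError as err:
        print(err)
```

Run it as-is to see a valid authorize URL followed by the rejection message; to use it against your own tenant, replace the three placeholder constants with the values from the Okta application's General tab.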
