search
HomepageCase studiesBook a demo

Okta

This guide explains how to enable Single Sign-On (SSO) login via Okta in Open Loyalty.

hashtag
Prerequisites

Ensure you have the access to the following:

  • An active Open Loyalty instance.

  • Administrator access to your Okta tenant.

  • Basic understanding of OIDC and SSO concepts.

hashtag
Step-by-Step Configuration

hashtag
Verify Settings in Open Loyalty

1

hashtag
Verify Admin Email Addresses

Ensure that the email address you want to use for SSO login does not already exist in the Open Loyalty portal.

triangle-exclamation

If an email address for the admin already exists in Open Loyalty, the SSO login will not function for that account. To enable SSO for a user, ensure there are no conflicts.

For instance, you could deactivate admin users logging in with email and password, update their email addresses by adding a suffix (e.g., "-old"), and then ask the admin users to log in via SSO.

2

hashtag
Configure the Default Role

  1. Log in to the Open Loyalty admin panel.

  2. Go to Settings > Roles.

  3. Choose the role you want to set as a default role. Click on Edit.

  4. Set a Default Role for new users logging in through SSO. This role will be assigned to newly created users and can be changed later if needed.

hashtag
Configure OKTA

1

hashtag
Sign in to Okta Admin Console

Navigate to https://your-domain.okta.com and log in with an administrator account.

2

hashtag
Create a New Application Integration

  • In the Admin Console, go to Applications > Applications.

  • Click Create App Integration.

  • Choose:

    • Sign-in method: OIDC - OpenID Connect

    • Application type: Single-Page Application

  • Click Next.

3

hashtag
Configure the Application

  • App integration name: (e.g. Open Loyalty)

  • Sign-in redirect URIs:

  • Sign-out redirect URIs (optional):

    • https://your-production-domain.com

  • Assign Users to the Application

    • In the Assignments tab of the application, click Assign.

    • Choose Assign to People or Assign to Groups.

    • Select the users or groups who should have access to the application.

  • Click Save.

hashtag
Share Details with Open Loyalty

1

hashtag
Share SSO Details with Open Loyalty

  • Provide the Open Loyalty team with the following details:

    • Client ID

    • Sign-in redirect URIs

    • Sign-out redirect URIs

  • The Open Loyalty team will enable SSO using the provided details.

2

hashtag
Test the Integration

  1. Use the Continue with OIDC button on the login page.

  2. Authenticate with OIDC using a user account.

  3. Verify that the user is successfully logged in and has been assigned the default role.

hashtag
Notes

  • Ensure that the Default Role is configured appropriately to avoid granting unintended permissions to new users.

  • If an email address already exists in Open Loyalty, the SSO login will not work for that account. Ensure there are no conflicts before enabling SSO for a user.

hashtag
Troubleshooting

  • If login fails, double-check the URL and Client ID configuration.

  • Ensure the callback URL is correctly set in Okta.

  • Verify that the Okta application has been configured to allow the Open Loyalty URL.

Last updated

Was this helpful?