This article explains how to set up and use the SAML 2.0 Integration so that an organization can rely on Single Sign-On, using Okta as the Identity Provider, and require employees to authenticate using the Okta Users directory.
In this article:
How to connect the OpenID Connect integration
How to set up a new Okta application
Before you begin
Before proceeding, check out the initial How to configure OpenID article.
How to connect the OpenID Connect integration
To set up SSO using the OIDC protocol, you need to connect to the OpenID Connect integration. Only organization admins are able to connect integrations on behalf of the organization.
1. Once logged in, select the Hub icon and click on the App tab.
2. Look for OpenID Connect and click on it.
3. Now click on "Connect OpenId Connect" and enter the integration setup. Keep this screen open to get the values from Okta.
How to set up a new Okta application
To enable Deel to authenticate users via Okta using the OIDC protocol, we'll need to create a new application, following these steps:
1. Go to the Okta admin dashboard.
2. Go to Applications > Applications > Create App Integration.
3. Select "OIDC - OpenID Connect" and "Web Application".
4. Enter the display name for the application, for example, "Deel". Upload a Deel logo from Deel's Brand Assets.
5. Leave the sign-in redirect URIs as they are for now.
6. Under "Assignments" choose the desired access control to the SSO Application and save.
7. After saving, the general settings for the application will be available. Copy the "Client ID" and paste it in Deel's integration settings.
8. Copy the "Client Secret" and also paste the value in Deel's integration settings.
9. Still in Deel's settings, enter the Okta well-known URL. It should be https://<your-okta-domain>.okta.com/.well-known/openid-configuration (replace <your-okta-domain> with your actual Okta domain). Click "Connect & Go To Settings".
10. The Single Sign-On configurations panel will now be available. Enter the name to identify the SSO method in an organization custom domain, and copy the Redirect URL.
11. Back in the Okta settings, click the "Edit" button in General Settings.
12. Paste the redirect URL from Deel in "Sign-in redirect URIs".
13. Change "Login initiated by" to "Either Okta or App".
14. Select "Display application icon to users".
15. Paste the redirect URL from Deel in "Initiate login URL", and click "Save".
16. Back in Deel's SSO configuration, click on "Enable" to enable SSO login. Once enabled, the organization will require SSO for any employee to log in.
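A pre-flight check for the well-known URL entered in step 9, as an added example that is not part of the original article and is not Deel's or Okta's code: it inspects the discovery document (the parsed JSON served at that URL) before the integration is enabled. The domain example-org.okta.com, the sample documents, and the same-host rule are assumptions made for this example.

```python
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(well_known_url, doc):
    """Return a list of problems; an empty list means the document looks sane."""
    problems = []
    url = urlsplit(well_known_url)
    if url.scheme != "https" or not url.path.endswith(SUFFIX):
        problems.append("well-known URL must be https and end in " + SUFFIX)
    # OpenID Connect Discovery: the issuer must equal the URL the document
    # was fetched from with the well-known suffix removed.
    expected = well_known_url
    if expected.endswith(SUFFIX):
        expected = expected[: -len(SUFFIX)]
    if doc.get("issuer") != expected:
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {expected!r}")
    for name in REQUIRED_ENDPOINTS:
        endpoint = urlsplit(doc.get(name) or "")
        if endpoint.scheme != "https":
            problems.append(f"{name} is missing or not https")
        # Assumption (local policy, not a spec rule): every endpoint is
        # served from the same host as the well-known URL.
        elif endpoint.hostname != url.hostname:
            problems.append(f"{name} is on unexpected host {endpoint.hostname}")
    # A "Web Application" integration uses the authorization code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow ('code') not advertised")
    return problems


# Constructed sample data; example-org.okta.com is a placeholder domain.
URL = "https://example-org.okta.com" + SUFFIX
GOOD = {
    "issuer": "https://example-org.okta.com",
    "authorization_endpoint": "https://example-org.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example-org.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example-org.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token"],
}
# Same document with a trailing-slash issuer and a token endpoint elsewhere.
BAD = dict(GOOD, issuer="https://example-org.okta.com/",
           token_endpoint="https://login.example.net/oauth2/v1/token")

if __name__ == "__main__":
    print("good:", check_discovery(URL, GOOD))
    for problem in check_discovery(URL, BAD):
        print("FAIL:", problem)
```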
To disable SSO at any given time, go back to this integration, and click on More > Disconnect.