How Does It Work?
Overview of Required Scopes
- openid: Identifies the request as an OpenID Connect request
- profile: Requests access to the end user's default profile claims
- email: Requests access to the email and email_verified claims
Note:
Findem does not support SAML-based integrations via Okta at this time. If your organization uses Okta for SSO and wishes to integrate with Findem, it must use OIDC.
Setup in Okta
- As the Okta Admin user, get started by heading to your Okta Admin Console (Applications > Applications) and clicking Create App Integration:
- Make the following selections:
- Sign-in method: OIDC - OpenID Connect
- Application type: Web Application
- Click Next.
- Set the Redirect URIs and Authentication options:
- App integration name: Findem.
- Grant type: Authorization Code.
- Sign-in redirect URIs: https://matches.findem.ai/auth/okta/callback
- Leave the other options blank/default and click Save.
Assign Users in Okta
Once you've successfully created the app, it's time to assign users to it from within Okta.
- From the app's main page in Okta, click Assignments > Assign > People.
- Add each user you wish to log in to Findem via SSO. You can also add groups if your org has created groups.
OIDC Web App Summary in Okta
- From the app's main page, click the General tab.
- Copy and paste the Client ID somewhere you have easy access to. You will need it shortly.
- In the Client authentication section, choose Client secret, then Generate new secret. Copy and paste this code somewhere you'll remember and have easy access to. You'll need it shortly.
- From the Sign On tab, ensure the settings appear the same as the image below.
Connect Okta from Within Findem
Note:
The Okta Admin user will also need Findem Admin access in order to complete the integration steps.
- As the Okta Admin user, in Findem, navigate to Admin > Organization Settings.
- From the Security tab, click Connect Okta SSO.
- Enter the configuration values for:
- Domain: This is your org's domain as represented in Okta {oktaid.okta.com}. Example: companyname.okta.com.
- Issuer: https://[okta id].okta.com. Example: https://[companyname].okta.com
- Client Id: Paste the Client ID you copied over from Okta
- Client Secret: Paste the secret code you generated from Okta
- Optionally, check the box for Enable API Access Management if your Okta environment is using it. Note, if you do check this option, you'll need to enter https://{okta id}.okta.com/oauth2/default in the Issuer field above.
- Click Save.
Now your users will be able to log in to Findem via their Okta credentials.
SSO Only Logins
If you would like to require users of your Findem instance to log in only with Okta, submit a request to Findem Support. Note that this change must be performed by our Engineering team and may take a few days to execute.
Once complete, your org's Okta SSO will be the only method users can use to log in to Findem.
Troubleshooting SSO Login Issues
If you or your users are experiencing issues logging in through Single Sign-On (SSO), try the following troubleshooting steps:
- Verify that your Okta issuer and domain are correctly configured in the Findem settings
- Check if users can access the application through a direct browser link
- Contact your IT support team to review and update your SSO configuration settings
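The first check above can be done offline against the JSON that Okta publishes at the issuer's standard OIDC discovery path. The sketch below is an added example, not Findem's or Okta's code; the function names and the sample metadata are constructed for illustration. It compares the Domain, Issuer and Enable API Access Management values from the Findem form with that metadata and with the scopes and grant type this article relies on.

```python
import json
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "profile", "email"}  # scopes listed in this article

def discovery_url(issuer):
    """Standard OIDC Discovery location for a given issuer."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_sso_config(domain, issuer, api_access_management, metadata):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    parts = urlsplit(issuer)
    if parts.scheme != "https":
        problems.append("issuer must use https")
    if parts.hostname != domain.lower():
        problems.append("issuer host does not match domain")
    # With API Access Management the article's issuer ends in /oauth2/default.
    expected_path = "/oauth2/default" if api_access_management else ""
    if parts.path.rstrip("/") != expected_path:
        problems.append("issuer path does not match API Access Management setting")
    # Issuer comparison is an exact string match, so a stray trailing slash
    # or a missing /oauth2/default shows up here.
    if metadata.get("issuer") != issuer:
        problems.append("metadata issuer differs from configured issuer")
    missing = REQUIRED_SCOPES - set(metadata.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    if "authorization_code" not in metadata.get("grant_types_supported", []):
        problems.append("authorization_code grant not advertised")
    return problems

# Constructed sample of a discovery document (not captured from a real org).
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://companyname.okta.com/oauth2/default",
  "scopes_supported": ["openid", "profile", "email", "offline_access"],
  "grant_types_supported": ["authorization_code", "refresh_token"]
}""")

if __name__ == "__main__":
    issuer = "https://companyname.okta.com"  # org issuer, box left unchecked
    print("Fetch and save:", discovery_url(issuer))
    for p in check_sso_config("companyname.okta.com", issuer, False, SAMPLE_METADATA):
        print("PROBLEM:", p)
```

To use it with real values, save the JSON returned by the discovery URL and pass it in place of `SAMPLE_METADATA`.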
Password Reset with Okta SSO
When using Okta SSO with Findem, you cannot reset your password through a traditional email reset link. Instead:
- Navigate to https://app-next.findem.ai/.
- Enter your email address.
- You will be presented with an option to log in via Okta SSO.
- Use your organization's single sign-on method to access your account.
"Access denied" when using Okta SSO
If you see an "access denied" message when clicking your Findem account setup link or trying to log in via Okta, it usually means your organization's SSO/Okta setup hasn't granted you access to the Findem application yet. In most cases, your user account hasn't been added to the Okta application that provides access to Findem, so the SSO configuration is blocking you from completing setup.
Share the exact error message with your SSO/Okta or IT team (for example, "access denied") and let them know you were attempting to finish setting up or logging in to your Findem account. Ask them to confirm that:
- You are assigned to the Okta application that grants access to Findem.
- Your permissions within that application are configured appropriately.
Common Issue:
SSO login issues often occur due to misconfigured authentication settings, particularly incorrect Okta issuer or domain configuration. While users may still be able to access Findem directly through a browser, the SSO integration may require technical configuration adjustments by your IT support team.