Setup Okta SSO

To set up Okta SSO, follow the instructions below.

Contents

  1. Requirements

  2. Supported Features

  3. Okta Configuration Steps
  4. Logging Into OpenPolicy Using Okta

1. Requirements

  • Admin access to an Okta organization.

2. Supported Features

  • Service Provider (SP)-Initiated Authentication (SSO) Flow: This authentication flow occurs when the user attempts to log in to the application from OpenPolicy.
  • SCIM Provisioning
    • Create Users.
      Users in Okta that are assigned to the OpenPolicy application in Okta are automatically added as members to your organization in OpenPolicy.
    • Deactivate Users.
      Users in Okta that are unassigned from the OpenPolicy application in Okta are automatically deleted as members of your organization in OpenPolicy.
    • Update User Attributes
      Updates to user information (e.g. first name, last name) in Okta are automatically reflected in the OpenPolicy application.
    • Import Users
      This feature enables Okta to retrieve user accounts directly from OpenPolicy, either matching them with existing Okta profiles or creating new ones. Admins can initiate an import job, synchronize users into the Universal Directory, and review or confirm matches before onboarding. This supports scenarios where OpenPolicy is a designated source of user records, allowing for one-time or admin-triggered synchronization.

3. Okta Configuration Steps

  1. In Okta, navigate to Applications → Browse App Catalog, search for and add OpenPolicy.
    During the installation you will be required to add a "subdomain" variable; request it from OpenPolicy support.

  2. If you intend to use SCIM, go to the "Provisioning" tab and check the boxes in this photo:


Also, when using SCIM, go to Provisioning → Integration.

Go to the "API Token" field and fill it in. You should receive the token from OpenPolicy support.

The API token you received from OpenPolicy should look like "Bearer abc12345567789" and should be pasted including the word Bearer.
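
A pre-paste check for the API Token value described above, as an added example that is not part of the original guide or OpenPolicy's own tooling. The function names and the constructed token values are hypothetical, and the check assumes the token part is a single opaque string with no whitespace. It reads the value without echoing it and reports only a redacted form.

```python
import re
from getpass import getpass

# Assumption: the token part is one opaque string without whitespace or quotes;
# OpenPolicy's real token alphabet and length are not stated in this guide.
_TOKEN_FIELD = re.compile(r"Bearer [^\s\"']+")
_DOC_SAMPLE = "Bearer abc12345567789"  # sample value printed in this guide


def check_api_token_field(value):
    """Return a list of problems with a value meant for Okta's "API Token" field."""
    problems = []
    if value != value.strip():
        problems.append("surrounding whitespace or newline")
    core = value.strip()
    if not core:
        return ["empty value"]
    if core[0] in "\"'" or core[-1] in "\"'":
        problems.append("wrapped in quotes")
        core = core.strip("\"'")
    if core.lower().startswith("bearer bearer"):
        problems.append("'Bearer' pasted twice")
    elif not core.startswith("Bearer "):
        if core.lower().startswith("bearer"):
            problems.append("prefix must be exactly 'Bearer' followed by one space")
        else:
            problems.append("missing the word 'Bearer'")
    elif not _TOKEN_FIELD.fullmatch(core):
        problems.append("token part is empty or contains whitespace")
    if core == _DOC_SAMPLE:
        problems.append("this is the sample value from the guide, not a real token")
    return problems


def redact(value):
    """Form of the value that is safe to log: the secret part is never shown."""
    scheme, _, token = value.strip().strip("\"'").partition(" ")
    if scheme.lower() != "bearer":
        return "<redacted>"
    return f"{scheme} <{len(token)} chars redacted>"


if __name__ == "__main__":
    pasted = getpass("API Token value (input hidden): ")
    issues = check_api_token_field(pasted)
    print(redact(pasted), "->", "OK" if not issues else "; ".join(issues))
```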


4. Assign the users that should be able to log into OpenPolicy:

  1. Go to the OpenPolicy App → Assignments tab
  2. Click the “Assign” button
    • Choose People if you wish to add specific people access to OpenPolicy
    • Choose Group if you want to give access to OpenPolicy to anyone in a specific group.
  3. Anyone that is assigned via Okta should be included in a list of emails sent to your OpenPolicy representative so that they can be configured to work.
    1. If you use SCIM, you do not need to send us a list of emails; it will be done automatically.
  4. Go to Applications -> OpenPolicy and provide your OpenPolicy representative with the following:
    1. Okta Domain
    2. Client ID
    3. Client Secret
    4. Company email domain (for example, if your users have an email like joe@example.com, send us example.com)

5. Logging Into OpenPolicy Using Okta

  1. After being invited to OpenPolicy, or created via SCIM, go to https://app.openpolicy.co/
  2. You will be prompted for your email. You must use your organizational email that was included in the list above or was assigned via SCIM.

That’s it. Should any questions arise, don’t hesitate to contact your OpenPolicy representative.