Okta OIDC Setup Guide
Example instructions for setting up Okta as a single sign-on source via OIDC.
If you'd like to set up the ability to sign in to your Spacelift account using an OIDC integration with Okta, you've come to the right place. This example will walk you through the steps to get this set up, and you'll have single sign-on running in no time!
Prerequisites:
- Spacelift account, with access to admin permissions
- Okta account, with permission to create Okta App Integrations
You'll need to visit the Spacelift account settings page to set up this integration. From the navigation sidebar menu, select "Settings."
Next, you'll want to click the Set Up box underneath the "OIDC Settings" section. This will expand some configuration fields that we will fill out in a few minutes with values obtained from Okta. For now, copy the authorized redirect URL, as we will need to provide it to Okta when configuring our Okta App Integration.
In a new browser tab, open your Okta account. Select the Applications link from the navigation.
Click the "Create App Integration" button. For the sign-in type, ensure you select OIDC; for the application type, select Web Application.
Remember the authorized redirect URL we copied earlier from Spacelift? We'll need that in this step. You'll want to paste that URL into the Sign-in redirect URIs input as shown.
The assignments for this app integration are up to you. They determine which users from your Okta account will be able to access Spacelift. Click Save.
Click on the Sign On tab within your newly created Okta App Integration.
You'll need to edit the groups claim type to return the groups you consider useful in Spacelift Login Policies. For testing purposes, you could set it to Matches regex with .* for the regex value, which matches every group name; narrow it afterwards to the groups your login policies actually use.
Switch back to the General tab. Now that we have the Okta App Integration set up, we'll need to take the Client ID, Client Secret, and Okta domain to configure the Spacelift OIDC Settings.
That's it! Your OIDC integration with Okta should now be fully configured. Feel free to make any changes to your liking within your Okta App Integration configuration for the app that you just created.
Give your app integration a name - Spacelift sounds like a good one
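To check what the groups claim configured in the Sign On step actually puts in the ID token before you write Spacelift Login Policies against it, the following added example (not part of the original guide, and not Spacelift's or Okta's code) decodes a token payload and separates the groups you intended to send from any others. The token, the group names and the `^spacelift-.*` pattern are constructed for illustration, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json
import re


def decode_claims(id_token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected compact JWT: header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_groups_claim(id_token: str, intended: str, claim: str = "groups"):
    """Return (intended, unintended) group names found in the token's claim."""
    groups = decode_claims(id_token).get(claim)
    if groups is None:
        raise KeyError(f"no '{claim}' claim in token; check the groups claim filter")
    if isinstance(groups, str):  # defensive: tolerate a single bare string
        groups = [groups]
    pattern = re.compile(intended)
    wanted = [g for g in groups if pattern.fullmatch(g)]
    extra = [g for g in groups if not pattern.fullmatch(g)]
    return wanted, extra


def make_sample_token(claims: dict) -> str:
    """Build a CONSTRUCTED token with a dummy signature so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed-sig"])


# Constructed claims, as a token might look with the filter set to regex ".*".
SAMPLE_TOKEN = make_sample_token({
    "sub": "00u-constructed",
    "email": "dev@example.com",
    "groups": ["Everyone", "spacelift-admins", "spacelift-readers", "finance-payroll"],
})

if __name__ == "__main__":
    wanted, extra = audit_groups_claim(SAMPLE_TOKEN, r"^spacelift-.*")
    print("groups intended for login policies:", wanted)
    print("groups exposed but not intended:  ", extra)
    if extra:
        print("narrow the groups claim filter in Okta before relying on it")
```
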