Okta (OIDC)
This guide walks you through configuring Okta OIDC SSO using a temporary super admin API token. Glean uses the token to create the OIDC app in your Okta instance and assign it to all users automatically.
If your organization prefers to create the OIDC app manually without providing an API token, see Okta OIDC SSO tokenless setup.
Prerequisites
Before you begin, ensure you have:
- An active Okta administrator account with super admin privileges and permissions to create API tokens.
- Access to your Glean admin account with Admin or Setup Admin roles.
Glean restricts SSO authentication to domains that have been pre-approved. Ensure that you have notified Glean of all domains that will be used for user authentication (e.g., company.com, company.co.jp, subsidiary.co) or SSO will fail.
Create a temporary API token in Okta
The API token allows Glean to create the SSO app on your behalf. Okta API tokens carry the privileges of the administrator who creates them, so this token is effectively a super admin credential for as long as it exists. It is only used during setup and must be revoked afterward.
- Sign in to Okta as a super admin. Copy your Okta domain URL from the address bar, for example https://YourOktaSubdomain-admin.okta.com; you will paste it into the Okta Domain URL field in Glean in the next section.
- In the left navigation panel, under Admin Console, go to Security > API > Tokens and click Create Token.
- In the Create token window, in the What do you want your token to be named field, name the token Glean.
- Under API calls made with this token must originate from, select Any IP. This is the least restrictive setting; it is acceptable here only because the token is temporary and is revoked at the end of this procedure.
- Click Create token.
- Copy the Token Value and save it for the next section. Okta shows the value only once, and it grants full super admin access to your Okta instance until it is revoked, so handle it as a secret: do not paste it into tickets, chat, or shell history.
Enter your Okta details in the Glean admin console
- In the console, go to Users & permissions > Single sign-on (SSO).
- Select Okta SSO.
- In the Okta domain URL field, enter the Okta domain URL you copied from the Okta Admin Console, for example https://yourcompany-admin.okta.com.
- In the API token field, paste the temporary API token you created in Okta.
- Optionally, choose to assign a bookmark app for all users.
- Click Save. Glean uses the temporary API token to create the required Okta apps for setup.
- Return to Okta (Security > API > Tokens) and revoke the temporary API token. Do this even if the setup failed, and confirm the Glean token no longer appears in the token list.
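Revoking in the Okta UI is the last step, but a practitioner usually wants proof that the token really is dead. The script below is an added example, not part of the Glean or Okta documentation: it sends the token to Okta once and expects it to be rejected. It assumes the environment variable names OKTA_DOMAIN_URL and OKTA_API_TOKEN (chosen for this example), and that Okta answers a request carrying a deleted token with HTTP 401 and error code E0000011 ("Invalid token provided"). It also normalizes the admin URL this guide tells you to copy (https://yourcompany-admin.okta.com) to the org hostname without the -admin suffix, which is where the Okta Management API is served. The sample responses at the bottom are constructed, not captured from a real tenant.

```python
"""Added example: confirm the temporary Okta API token is no longer accepted.

Assumptions (not stated on the page): the domain URL and token are read from
OKTA_DOMAIN_URL and OKTA_API_TOKEN, and a deleted token is answered with
HTTP 401 and Okta error code E0000011 ("Invalid token provided").
"""
import json
import os
import sys
import urllib.error
import urllib.request
from urllib.parse import urlparse


def okta_api_base(domain_url: str) -> str:
    """Turn whatever was pasted into Glean (org URL, admin URL, with or
    without a scheme or path) into the org URL the Management API lives on.

    The Admin Console is served from <subdomain>-admin.<okta domain>, but API
    calls go to <subdomain>.<okta domain>. The "-admin" suffix is stripped from
    the first host label only, so custom domains are left alone.
    """
    url = domain_url.strip()
    if "://" not in url:
        url = "https://" + url
    host = urlparse(url).hostname
    if not host:
        raise ValueError(f"not a URL: {domain_url!r}")
    first, dot, rest = host.partition(".")
    if first.endswith("-admin"):
        first = first[: -len("-admin")]
    return f"https://{first}{dot}{rest}"


def classify_token_response(status: int, body: bytes) -> str:
    """Map an Okta response to GET /api/v1/users/me onto the token's state."""
    if status == 200:
        return "valid"          # still authenticates: the token was NOT revoked
    if status == 401:
        try:
            err = json.loads(body.decode("utf-8") or "{}")
        except ValueError:
            err = {}
        if err.get("errorCode") == "E0000011":
            return "rejected"   # deleted (or never existed): what we want to see
        return "unauthorized"   # 401 for another reason, e.g. wrong auth scheme
    return "unexpected"         # 403, 429, 5xx, ...: inconclusive, read the body


def probe_token(domain_url: str, token: str, timeout: float = 10.0) -> str:
    """Send the token to Okta once and report whether it is still accepted."""
    req = urllib.request.Request(
        okta_api_base(domain_url) + "/api/v1/users/me",
        headers={"Authorization": f"SSWS {token}", "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as e:
        return classify_token_response(e.code, e.read())


# Constructed sample responses (not captured from a real tenant) so the
# classifier can be exercised offline; the shape follows Okta's error format.
SAMPLE_REJECTED = (401, json.dumps({
    "errorCode": "E0000011",
    "errorSummary": "Invalid token provided",
    "errorLink": "E0000011",
    "errorId": "sampleErrorId",
    "errorCauses": [],
}).encode("utf-8"))
SAMPLE_VALID = (200, b'{"id": "00uSampleUserId", "status": "ACTIVE"}')


if __name__ == "__main__":
    # Read the secret from the environment rather than argv so it does not
    # end up in shell history or process listings.
    domain = os.environ.get("OKTA_DOMAIN_URL")
    token = os.environ.get("OKTA_API_TOKEN")
    if not domain or not token:
        sys.exit("set OKTA_DOMAIN_URL and OKTA_API_TOKEN (the temporary Glean token)")
    state = probe_token(domain, token)
    print(f"token state: {state}")
    # Exit non-zero unless the token is rejected, so a runbook step can gate on it.
    sys.exit(0 if state == "rejected" else 1)
```

Run it once before revoking to see "valid", then again after revoking and expect "rejected"; a second "valid" means the wrong token was revoked. Note that a rejected token looks the same to Okta as one that never existed, which is exactly the end state you want.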