Okta OIDC SSO Tokenless Setup
This guide provides step-by-step instructions for configuring Okta with OIDC as your SSO provider for Glean, by manually setting up client credentials.
Prerequisites
- Before beginning the setup process, ensure that Glean support has enabled the tokenless setup flow for Okta.
- Ensure that you have:
  - An active Okta administrator account
  - Access to your Glean admin account with Admin or Setup Admin roles
Create the SSO app in Okta
- Sign in to Okta as a super admin. Navigate to Applications > Create App Integration.
- Select "OIDC - OpenID Connect" and configure the following:
  - Application Platform: Web
  - Sign-on Method: OpenID Connect
  - Application Name: Glean
  - Application Logo: Link
  - Sign-in Redirect URIs:
    - https://<your-deployment>-be.glean.com/authorization-code/callback?isExtension=1
    - https://<your-deployment>-be.glean.com/authorization-code/callback
- Under Allowed Grant Types, make sure that both "Authorization Code" and "Refresh Token" are checked.
- Under Assignments, assign the application according to who you want to have access to Glean.
Set up Okta SSO in Glean Admin Console
- Navigate to the Authentication page in Glean Admin Console and click on Okta SSO.
- Copy the Client ID from Okta and paste it in the corresponding field on the setup page in Glean Admin Console.
- Copy the Client secret of the app you just created from Okta and paste it in the corresponding field on the setup page in Glean Admin Console.
- Check the URL of your Okta instance. Copy the {yourOktaDomain} part of the URL: https://{yourOktaDomain}-admin.okta.com. Paste it into the Okta Domain field in Glean.
- Click Save.
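The following check is an added example, not part of Glean's or Okta's own tooling: it audits an exported app definition against the settings listed under "Create the SSO app in Okta" and derives the Okta Domain value from the admin console URL. It assumes the app JSON is shaped like an Okta Apps API app object (`signOnMode`, `settings.oauthClient`); the deployment name `acme` and the sample data are constructed.

```python
import re
from urllib.parse import urlsplit

REQUIRED_GRANTS = {"authorization_code", "refresh_token"}  # both must be checked

def expected_redirect_uris(deployment):
    # The two sign-in redirect URIs from the guide, as separate entries.
    base = f"https://{deployment}-be.glean.com/authorization-code/callback"
    return {base, base + "?isExtension=1"}

def audit_okta_app(app, deployment):
    """Return a list of findings; an empty list means the app matches the guide."""
    findings = []
    client = app.get("settings", {}).get("oauthClient", {})
    if app.get("signOnMode") != "OPENID_CONNECT":
        findings.append("sign-on method is not OpenID Connect")
    if client.get("application_type") != "web":
        findings.append("application platform is not Web")
    registered = set(client.get("redirect_uris", []))
    expected = expected_redirect_uris(deployment)
    for uri in sorted(expected - registered):
        findings.append(f"missing redirect URI: {uri}")
    for uri in sorted(registered - expected):
        findings.append(f"unexpected redirect URI: {uri}")
    for grant in sorted(REQUIRED_GRANTS - set(client.get("grant_types", []))):
        findings.append(f"missing grant type: {grant}")
    return findings

def okta_domain_from_admin_url(url):
    """Extract {yourOktaDomain} from https://{yourOktaDomain}-admin.okta.com."""
    host = urlsplit(url).hostname or ""
    m = re.fullmatch(r"([a-z0-9-]+?)-admin\.okta\.com", host)
    if not m:
        raise ValueError(f"not an Okta admin console URL: {url!r}")
    return m.group(1)

# Constructed sample: both redirect URIs pasted as one entry, Refresh Token unchecked.
CB = "https://acme-be.glean.com/authorization-code/callback"
SAMPLE_FUSED = {
    "signOnMode": "OPENID_CONNECT",
    "settings": {"oauthClient": {
        "application_type": "web",
        "redirect_uris": [CB + "?isExtension=1" + CB],
        "grant_types": ["authorization_code"]}},
}

if __name__ == "__main__":
    for finding in audit_okta_app(SAMPLE_FUSED, "acme"):
        print(finding)
    print(okta_domain_from_admin_url("https://acme-admin.okta.com"))
```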
Grant access to Glean in Okta
- In the Okta app, assign the employees who need access to Glean.
- A bookmark app adds a webpage link to the Okta home screen.
  - Follow Okta’s guide to create one. Use https://app.glean.com as the URL.
  - Assign it to the same users as the SSO app to ensure seamless access.