Generic OpenID Connect

Generic OpenID Connect (OIDC) allows users to sign in to an Okta org using their credentials from their existing account at an OIDC Identity Provider (IdP). A generic OIDC IdP can be a third-party IdP that supports OIDC, such as Salesforce or Yahoo, or your own custom IdP. You can also configure federation between Okta orgs using OIDC as a replacement for SAML.

If you want your users to be able to sign in using an existing credentials database and sync their accounts with the external IdP user directory, configure your Okta org to use a generic OIDC IdP.

Features

Configuring a generic OIDC IdP allows you to use the following features:

  • User Registration: Capture the profile attributes from a generic OIDC IdP user and store them in Okta's Universal Directory.
  • User Authentication: After a user is registered, continue to use that generic OIDC IdP for user authentication. This eliminates the need to store additional credentials for that user.
  • Profile Sync: If a user updates their profile, those changes can be reflected inside Okta the next time that they use the IdP to sign in.
  • Support for Multiple Social Profiles: Multiple social profiles can all be linked to one Okta user.
  • OAuth 2.0 Scope Configuration: Specify OAuth 2.0 scopes to fully control which attributes are linked to Okta.

For detailed information on usage and setup, see Generic OpenID Connect Identity Providers.