OpenID Connect (OIDC)-based MFA as a Service - BETA


Note: This is a Beta feature and should only be used in test and development environments.
Please email us with any questions or feedback regarding this feature.

Follow the steps below to set up an OIDC (OpenID Connect, an authentication layer on top of the OAuth 2.0 authorization framework) application in Okta and provide the resulting artifacts (Okta org URL, client_id, client_secret) to your application.

Configure Okta

Configure Your Application

References and Notes

Nonce implementation notes:

The requesting application (RP) should bind the nonce to the session on its own side (for example, by deriving the nonce from a hash of the local session id). It should then verify that the nonce which comes back inside the signed ID token matches the one it sent in the authorize request, and reject the token if it does not.

When setting or checking exp, allow sufficient time for clock skew between Okta and the RP and for network latency, rather than using a zero-tolerance comparison.
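The following is an added example of the two notes above (session-bound nonce and skew-tolerant exp checking) as an RP would implement them; it is not Okta's code. It assumes a hypothetical org URL, client_id and redirect URI, uses Okta's org authorization server endpoint /oauth2/v1/authorize, derives the nonce with an HMAC over the local session id (a keyed hash instead of a plain hash, so the nonce cannot be predicted from the session id alone), and assumes the ID token's signature has already been verified against Okta's JWKS by a JOSE library, so only the decoded claims are checked here. The sample claims in demo() are constructed, not a real Okta token.

```python
"""Nonce binding and exp checking for an OIDC relying party (RP).

Added example, not Okta's code. Assumptions:
- the RP has a per-browser session id and a server-side secret key;
- the ID token signature was already verified against Okta's JWKS, so this
  code receives the decoded claims dict only.
"""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple
from urllib.parse import urlencode

# Hypothetical values for illustration only (not from the Okta docs).
RP_NONCE_KEY = secrets.token_bytes(32)        # server-side secret, kept with the app
OKTA_ORG_URL = "https://example.okta.com"     # placeholder Okta org URL (also the iss)
CLIENT_ID = "0oaexampleclientid"              # placeholder client_id
REDIRECT_URI = "https://rp.example.com/callback"


def make_nonce(session_id: str, key: bytes = RP_NONCE_KEY) -> str:
    """Derive the nonce from the local session id with a keyed hash.

    The RP can recompute it from the session on callback without storing
    anything extra, and an attacker who only sees a session id cannot
    predict it.
    """
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def build_authorize_url(session_id: str, state: str) -> str:
    """Build the /authorize request that carries the session-bound nonce."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "id_token",
        "scope": "openid",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "nonce": make_nonce(session_id),
    }
    return f"{OKTA_ORG_URL}/oauth2/v1/authorize?{urlencode(params)}"


def verify_id_token_claims(claims: Dict, session_id: str,
                           now: Optional[float] = None,
                           skew_seconds: int = 60) -> Tuple[bool, str]:
    """Check claims of an already signature-verified ID token.

    Returns (ok, reason). The nonce must equal the one derived from *this*
    session; exp and iat are compared with a skew window, not exactly.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != OKTA_ORG_URL:
        return False, "issuer mismatch"
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        return False, "audience mismatch"
    expected = make_nonce(session_id)
    # Constant-time compare: the nonce is a secret-derived value.
    if not hmac.compare_digest(str(claims.get("nonce", "")), expected):
        return False, "nonce does not match this session"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + skew_seconds:
        return False, "token expired (beyond skew window)"
    iat = claims.get("iat")
    if isinstance(iat, (int, float)) and iat > now + skew_seconds:
        return False, "token issued in the future (beyond skew window)"
    return True, "ok"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Run the checks against constructed claims (not a real Okta token)."""
    session_id = "sess-7f3a9c"          # hypothetical RP session id
    now = 1_700_000_000                 # fixed clock so results are deterministic
    good = {"iss": OKTA_ORG_URL, "aud": CLIENT_ID, "sub": "00uexample",
            "nonce": make_nonce(session_id), "iat": now - 5, "exp": now + 3600}
    replayed = dict(good, nonce=make_nonce("sess-other"))  # minted for another session
    skewed = dict(good, exp=now - 30)   # 30 s past exp: inside the 60 s skew window
    stale = dict(good, exp=now - 600)   # 10 min past exp: rejected
    return {
        "good": verify_id_token_claims(good, session_id, now),
        "replayed": verify_id_token_claims(replayed, session_id, now),
        "skewed": verify_id_token_claims(skewed, session_id, now),
        "stale": verify_id_token_claims(stale, session_id, now),
    }


if __name__ == "__main__":
    print(build_authorize_url("sess-7f3a9c", "opaque-state"))
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The replayed case is the one the nonce exists to catch: a token obtained for a different session carries a nonce the RP cannot reproduce from the current session, so it is rejected even though its signature, issuer and audience are all valid.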