This is a Beta feature. To see about participating in this Beta program, please refer to the Beta Programs page.

Generic OpenID Connect

Generic OpenID Connect allows usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control. to login to an Okta orgThe Okta container that represents a real-world organization. with their existing account at an OIDC Identity Provider (IdPAn acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta.), like Yahoo, Salesforce, or your own custom OIDC IdP. A list of tested IdPs is available in the FAQ.

Specifically, this beta version enables the following:

Important: The released feature may not have the same interfaces, data structures, or limitations as this beta version. Do not use this version in production applications or environments at this time.

All questions, comments, and concerns should be directed to Aarish Grover at In addition, all feedback is appreciated. If you have an Okta CSM, include the CSM on the message. Please do not contact Okta Support; the support team does not support beta programs.

The feedback period for this beta version is expected to end in October 2018. Okta appreciates your timely feedback!


This beta version only supports identity providers that support OIDC. Many providers support OAuth2, but have not added support for OIDC, which runs on top of OAuth2. Please refer to the FAQs for details about which IdPs have been tested.

Step-by-step Configuration Guide

There are seven parts to the configuration, including prerequisites and testing. Answers to frequently asked questions are also provided.