Add an Okta Identity Provider

Early Access release

The Okta Integration Identity Provider (IdP) allows you to use an Okta org as an external IdP, enabling user authentication and provisioning between two connected orgs. This simplifies the configuration of Org2Org integrations and provides secure defaults.

  1. In the Admin Console, go to Security > Identity Providers.

  2. Click Add identity provider. The Select an identity provider page appears.

  3. Click Okta Integration IdP and then click Next. The Configure Okta Integration IdP page appears.

  4. Configure the General settings options.

    Name: Enter a name for this IdP.
    Okta IdP Org URL: Enter the URL of the Okta IdP org.
  5. In the Client details section, enter the Client ID of the Org2Org app in the Client ID field.

  6. Configure the Authentication Settings options.

    IdP username: Using the Okta Expression Language, specify how to construct the IdP username.
    Filter: Select Only allow usernames that match defined RegEx Pattern, and then enter a RegEx pattern.
    Match against: From the dropdown menu, select the user attribute to match against the IdP username.
    Account link policy: Select Enable automatic linking to automatically link matching IdP and Okta accounts.
    Auto-link filters: If you selected Enable automatic linking, select which users are available for account linking. To include groups, select Include specific groups and enter the group names. To exclude users, select Exclude specific users and enter the name of the user. To exclude admins, select Exclude admins.
    If no match is found: Select either Create new user (JIT) or Redirect to Okta sign-in page to determine what happens if there's no matching user.
  7. If you selected Create new user (JIT) in the previous step, configure the JIT Settings options.

    Profile Source: Select Update attributes for existing users to determine whether the IdP should act as the source of truth for user attributes.
    Group Assignments: From the dropdown menu, select either None or Assign to specific groups to determine the behavior of groups during provisioning.
    Specific Groups: If you selected Assign to specific groups, enter the names of the groups into the Specific Groups field.
  8. Click Finish.
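
The RegEx pattern entered in the Filter option (step 6) decides which IdP usernames can reach account linking and JIT creation, so it is worth checking offline against usernames that should and should not pass. The following is an added example, not part of the Okta documentation: the domain, usernames, patterns and function names are constructed. This page does not state whether the pattern is applied as a full match or a substring search, or which regex engine evaluates it, so the check uses Python's re module and requires the pattern to be correct under both semantics.

```python
import re

# Constructed sample usernames; example.com stands in for the IdP org's domain.
EXPECTED_ALLOWED = ["alice@example.com", "bob.smith@example.com"]
EXPECTED_REJECTED = [
    "alice@example.com.untrusted.test",   # extra suffix after the domain
    "alice@exampleXcom",                  # unescaped '.' matches any character
    "mallory@other.test",                 # different domain entirely
    "eve@other.test/alice@example.com",   # allowed value embedded in a longer string
]


def audit_filter(pattern):
    """Return the usernames a pattern handles wrongly, per match semantics.

    Assumption: the product's matching mode is unknown, so both a full
    match and a substring search are evaluated.
    """
    rx = re.compile(pattern)
    report = {}
    for mode, match in (("full", rx.fullmatch), ("search", rx.search)):
        report[mode] = {
            "wrongly_allowed": [u for u in EXPECTED_REJECTED if match(u)],
            "wrongly_rejected": [u for u in EXPECTED_ALLOWED if not match(u)],
        }
    return report


def is_safe(pattern):
    """True only if the pattern is correct under both match semantics."""
    return all(
        not result["wrongly_allowed"] and not result["wrongly_rejected"]
        for result in audit_filter(pattern).values()
    )


# Hypothetical candidate patterns for the Filter field.
LOOSE = r"[a-z.]+@example.com"             # no anchors, '.' left unescaped
STRICT = r"^[a-z0-9._-]+@example\.com$"    # anchored, literal dot in the domain

if __name__ == "__main__":
    for name, pattern in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        print(name, "safe" if is_safe(pattern) else "unsafe")
        for mode, result in audit_filter(pattern).items():
            print("  ", mode, result)
```

Replace the sample lists with usernames from your own IdP org before relying on the result, and include the accounts you exclude under Auto-link filters among the cases you test.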