OKTA SSO Configuration Guide (OIDC)

Prerequisites

• You must have admin access to your Okta organisation.

• You need a gospace account with admin privileges, to have verified the Okta domain in admin settings.

Configuration steps

1. Sign in to your Okta Admin Console.

2. Navigate to "Applications" > "Applications".

3. Click "Create App Integration".

4. Select "OIDC - OpenID Connect" as the Sign-in method, and "Web Application" as the Application type.

5. Click "Next".

6. Fill in the following details:

   1. App integration name: "gospace"

   2. Sign-in redirect URIs: https://app.gospace.app/auth/login

   3. Sign-out redirect URIs: https://app.gospace.app/

   4. Controlled access: Select "Allow everyone in your organisation to access"

7. Click "Save".

8. Navigate to the "Sign On" tab and scroll down to the "OpenID Connect ID Token" section.

9. Ensure that "Include in ID Token" is selected for both "Groups claim type" and "Group claims filter".

10. Set "Groups claim type" to "Filter".

11. In "Group claims filter", enter the Okta group that contains your gospace users.

12. Click "Save".

13. Return to your Okta Admin Console and assign the gospace application to the appropriate users or groups.

SP-initiated SSO

To initiate SSO from gospace:

2. Click "Continue with Okta".

3. You will be redirected to the Okta sign-in page.

4. Enter your Okta credentials.

5. After successful authentication, you will be redirected back to gospace.

Troubleshooting

• Ensure that the Redirect URI in both Okta and gospace configurations match exactly.

• Check that users are correctly assigned to the gospace application in Okta.

• If you encounter any issues, please contact gospace support