How Do I Configure Okta?

This article describes the steps needed to enable Okta integration with Layer.

Updated this week

Prerequisites

In order to enable the Okta integration, you need to have an active Enterprise plan with Layer. If you haven't already done so, please go to your workspace plan settings and subscribe to an Enterprise plan.

Supported Features

Layer's Okta integration supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

For OIDC Integration

  1. In Okta, go to Applications → Create App Integration.

  2. Choose OIDC as the Sign-in method. Choose Web Application as your Application Type. Click Next.

  3. Enter "https://auth.app.layer.ai/login/callback" into the Sign-in redirect URIs.

  4. Enter "https://app.layer.ai" into the Sign-out redirect URIs.

  5. If you'd like to be able to initiate login from Okta:

    1. Choose "Either Okta or App" for Login initiated by

    2. Set Application visibility checkboxes as needed

    3. Choose "Redirect to app to initiate login" for Login flow

    4. Enter "https://app.layer.ai/login" into the Initiate login URI

  6. Click Create.

  7. Assign the users or groups that should be able to log into Layer.

  8. Note the Client ID and Client Secret.

  9. Contact [email protected] with the following information:

    1. Okta Domain (looks like acme.okta.com)

    2. Client ID

    3. Client Secret
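
Before sending the details, the finished app can be checked against the values in the steps above. The script below is an added example, not Layer's or Okta's own code. It assumes the app object has been exported as JSON using the field names of Okta's Apps API (signOnMode, settings.oauthClient.redirect_uris and so on); the sample app in it is constructed.

```python
"""Audit an exported Okta OIDC app object against the values in this article."""

# Values taken from the OIDC steps above.
EXPECTED_REDIRECT = "https://auth.app.layer.ai/login/callback"
EXPECTED_LOGOUT = "https://app.layer.ai"
EXPECTED_INITIATE = "https://app.layer.ai/login"


def audit_oidc_app(app: dict) -> list[str]:
    """Return a list of findings; an empty list means the app matches."""
    findings = []
    oauth = app.get("settings", {}).get("oauthClient", {})

    if app.get("signOnMode") != "OPENID_CONNECT":
        findings.append("sign-in method is not OIDC")
    if oauth.get("application_type") != "web":
        findings.append("application type is not Web Application")

    # Redirect URIs must match exactly: any extra or wildcard entry is another
    # place Okta will send authorization codes for this client.
    for field, expected in (("redirect_uris", EXPECTED_REDIRECT),
                            ("post_logout_redirect_uris", EXPECTED_LOGOUT)):
        actual = oauth.get(field) or []
        if expected not in actual:
            findings.append(f"{field}: missing {expected}")
        for uri in actual:
            if uri != expected:
                findings.append(f"{field}: unexpected entry {uri}")

    # The initiate login URI is only present when step 5 was followed.
    initiate = oauth.get("initiate_login_uri")
    if initiate is not None and initiate != EXPECTED_INITIATE:
        findings.append(f"initiate_login_uri: unexpected value {initiate}")
    return findings


# Constructed sample: a trailing-slash typo and a leftover test URI.
SAMPLE_APP = {
    "signOnMode": "OPENID_CONNECT",
    "settings": {"oauthClient": {
        "application_type": "web",
        "redirect_uris": ["https://auth.app.layer.ai/login/callback/",
                          "http://localhost:3000/callback"],
        "post_logout_redirect_uris": ["https://app.layer.ai"],
        "initiate_login_uri": "https://app.layer.ai/login",
    }},
}

if __name__ == "__main__":
    for finding in audit_oidc_app(SAMPLE_APP):
        print(finding)
```
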

For SAML Integration

  1. In Okta, go to Applications → Create App Integration.

  2. Choose SAML 2.0 as the Sign-in method. Click Next.

  3. Enter "https://auth.app.layer.ai/login/callback?connection=<connection>" into the Single sign-on URL. Reach out to [email protected] to get the connection name for your workspace.

  4. Ensure "Use this for Recipient URL and Destination URL" is checked.

  5. Enter "backend" into the Audience URI (SP Entity ID).

  6. Click Create.

  7. Assign the users or groups that should be able to log into Layer.

  8. Contact [email protected] with the following information:

    1. Okta Domain (looks like acme.okta.com)

    2. Metadata URL

    3. SHA-2 SAML Signing Certificate
