# Okta SSO (OIDC)

### Overview

Sumble supports Single Sign-On (SSO) via Okta, allowing your team to log in to Sumble using their existing Okta credentials. Once configured, users can authenticate through Okta instead of using email-based login methods.

Optionally, SSO can be enforced so that all users on your domain must log in through Okta, blocking Google OAuth and Magic Link authentication.

***

### Prerequisites

* Access to the Okta Admin Console
* An Okta plan that supports OIDC (OpenID Connect) applications

***

### Step 1: Create the Okta Application

1. In the Okta Admin Console, go to **Applications** > **Create App Integration**
2. Select **OIDC - OpenID Connect** and **Web Application**
3. Set the **Sign-in redirect URI** to:

```
https://sumble.com/account/login/okta/callback
```

4. Under **Assignments**, assign the users or groups who should have access to Sumble
5. Complete the setup and copy the **Client ID** and **Client Secret**

***

### Step 2: Share Credentials with Sumble

Share the following with your Sumble contact:

* **Client ID**
* **Client Secret**
* **Issuer URL** — your Okta domain, e.g. `https://your-org.okta.com`

{% hint style="info" %}
The Issuer URL is just your Okta domain (the "Org Authorization Server").

If your organization has API Access Management and prefers to use a Custom Authorization Server, you can instead provide its Issuer URI (e.g. `https://your-org.okta.com/oauth2/default`). In that case, make sure the server's Access Policy allows the Sumble app and the `openid`, `email`, and `profile` scopes.
{% endhint %}

Your Sumble contact will configure SSO on your account and confirm when it's ready to test.
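
A pre-flight check for the Issuer URL before you send it, as an added example (not Sumble's or Okta's code): it validates an authorization server's OIDC discovery metadata against the exact value you plan to share. The `SAMPLE` metadata is constructed, and `discovery_url` and `check_issuer` are hypothetical helper names.

```python
import json
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "email", "profile"}  # scopes named in the hint above

# Constructed sample of a Custom Authorization Server's metadata (not real output).
SAMPLE = json.loads("""{
  "issuer": "https://your-org.okta.com/oauth2/default",
  "authorization_endpoint": "https://your-org.okta.com/oauth2/default/v1/authorize",
  "token_endpoint": "https://your-org.okta.com/oauth2/default/v1/token",
  "jwks_uri": "https://your-org.okta.com/oauth2/default/v1/keys",
  "response_types_supported": ["code", "id_token"],
  "scopes_supported": ["openid", "profile", "email", "offline_access"]
}""")

def discovery_url(issuer):
    """OIDC Discovery: metadata lives at <issuer>/.well-known/openid-configuration."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_issuer(issuer, metadata):
    """Return a list of problems; an empty list means the issuer looks usable."""
    problems = []
    parts = urlsplit(issuer)
    if parts.scheme != "https":
        problems.append("issuer must use https")
    if parts.query or parts.fragment:
        problems.append("issuer must not carry a query string or fragment")
    # OIDC requires the metadata 'issuer' (and later the ID token 'iss') to be
    # identical to the configured value, so a trailing slash or a missing
    # /oauth2/<id> path fails validation.
    if metadata.get("issuer") != issuer:
        problems.append(f"metadata issuer {metadata.get('issuer')!r} != {issuer!r}")
    missing = REQUIRED_SCOPES - set(metadata.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("authorization code flow ('code') not advertised")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(metadata.get(key, "")).startswith("https://"):
            problems.append(f"{key} missing or not https")
    return problems

if __name__ == "__main__":
    issuer = "https://your-org.okta.com/oauth2/default"
    print("fetch metadata from:", discovery_url(issuer))
    print("problems:", check_issuer(issuer, SAMPLE) or "none")
```

To check a live server, fetch the JSON at `discovery_url(issuer)` and pass the parsed document as `metadata`.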

***

### Step 3: Add Sumble to Your Okta Dashboard (Optional)

After SSO is configured by Sumble, you can allow users to launch Sumble directly from their Okta app dashboard:

1. In the Okta Admin Console, go to the Sumble application settings
2. Under **General** > **Login**, set:
   * **Login initiated by**: Either Okta or App
   * **Initiate login URI**: Your Sumble contact will provide this URL after setup
3. Save the settings
4. Users will now see Sumble in their Okta app dashboard

***

### SSO Enforcement

Once SSO has been successfully tested (at least one user must log in via Okta), you can optionally request that SSO be enforced for your organization. When enforcement is enabled:

* Google OAuth login is blocked for users on your domain
* Magic Link login is blocked for users on your domain
* All users must authenticate through Okta

To enable or disable SSO enforcement, contact your Sumble representative.

