Okta SSO (OIDC)

Overview

Sumble supports Single Sign-On (SSO) via Okta, allowing your team to log in to Sumble using their existing Okta credentials. Once configured, users can authenticate through Okta instead of using email-based login methods.

Optionally, SSO can be enforced so that all users on your domain must log in through Okta, blocking Google OAuth and Magic Link authentication.

Prerequisites

• Access to the Okta Admin Console

• An Okta plan that supports OIDC (OpenID Connect) applications

Step 1: Create the Okta Application

1. In Okta Admin Console, go to Applications > Create App Integration

2. Select OIDC - OpenID Connect and Web Application

3. Set the Sign-in redirect URI to: https://sumble.com/account/login/okta/callback

4. Under Assignments, assign the users or groups who should have access to Sumble

5. Complete the setup and copy the Client ID and Client Secret

6. Find your Issuer URL: Go to Security > API > Authorization Servers, select your server (usually "default"), and copy the Issuer URI (e.g., https://your-org.okta.com/oauth2/default)

Step 2: Configure the Access Policy

Ensure the authorization server has an Access Policy that allows your Sumble application:

1. Go to Security > API > Authorization Servers > [your server] > Access Policies

2. Either add your Sumble app to an existing policy, or create a new policy

3. The policy must allow the following scopes: openid, email, profile

Step 3: Share Credentials with Sumble

Share the following with your Sumble Customer Success Manager:

• Client ID

• Client Secret

• Issuer URL (from Security > API > Authorization Servers)

The Issuer URL must come from Security > API > Authorization Servers, not just your Okta domain. For example, https://your-org.okta.com/oauth2/default rather than https://your-org.okta.com.

Your Sumble Customer Success Manager will configure SSO on your account and confirm when it's ready to test.

Step 4: Add Sumble to Your Okta Dashboard (Optional)

After SSO is configured by Sumble, you can allow users to launch Sumble directly from their Okta app dashboard:

1. In Okta Admin Console, go to the Sumble application settings

2. Under General > Login, set:

   • Login initiated by: Either Okta or App

   • Initiate login URI: Your Sumble Customer Success Manager will provide this URL after setup

3. Save the settings

4. Users will now see Sumble in their Okta app dashboard

SSO Enforcement (Optional)

Once SSO has been successfully tested (at least one user must log in via Okta), you can optionally request that SSO be enforced for your organization. When enforcement is enabled:

• Google OAuth login is blocked for users on your domain and will redirect them to Okta

• Magic Link login is blocked for users on your domain

• All users must authenticate through Okta

To enable or disable SSO enforcement, contact your Sumble Customer Success Manager.

Book a time to chat with us