Company administrators have the ability to configure an Identity Provider to power Single Sign On (SSO). This article details how to configure Okta as the Identity Provider to facilitate SSO with the Oyster application.
Supported Features
- Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the application from Oyster HR.
- Identity Provider (IDP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to Oyster HR from Okta.
- Automatic account deletion in the Oyster app when a user is removed from an Okta application.
Configuration Steps
The following steps document the configuration of the OIDC integration between Oyster and Okta. Okta is the Identity Provider (IDP); depending on the use case, the user is redirected to Okta for authentication if no session has been established.
Requirements
In order to proceed with configuring login with SSO through Okta, you must:
- Have access to an Okta tenant
- Be an Okta administrator of that tenant
- Have a company administrator account on the Oyster app
Important note
- You won’t be able to enable the Okta integration if at least one of the users in your company is already linked to an Okta instance other than the one you want to enable. This can happen when one of your users is a company administrator, team manager or team member who is also an administrator for another company that uses another Okta instance.
- Once the Okta integration is enabled, it can’t be turned off from the user interface; to turn it off, raise a request with Oyster support.