All Collections
Enterprise Authentication
Enterprise Authentication - Open ID Connect Setup
Enterprise Authentication - Open ID Connect Setup

Integrate Astrato enterprise authentication with Open ID Connect

Piers Batchelor avatar
Written by Piers Batchelor
Updated over a week ago


This article shows you how to integrate Open ID Connect (OIDC) with the Astrato enterprise authentication function. We're using OKTA as an example.


Setup Information

There are several stages to the setup process, so we've listed them here for you. In the instructions for each stage we've included a Checklist listing any information you need to enter, and any information you'll need to collect to complete the setup.

  • OKTA - You'll need to set up your OKTA workspace using the admin console app integration wizard, and generate a Client ID and Client secret to add in Astrato.

  • Astrato - The Astrato set up is managed in the Open ID Connect Setup page in the Enterprise Authentication section of the Administration pages. You'll need to enter a Connection Name, Issuer URL, Client ID, Client Secret and Identity provider domain.



  • Access to the OKTA Admin Console for your organization.

  • Your organization name and location.

  • App links - home page.

  • The Callback URL listed in the Setup page for OIDC in Astrato.

Create App Integration

To start the setup for OKTA, open the app integration wizard in the admin console (Figure 1).

  1. Open Applications in the left navigation menu, then select the Applications option.

  2. Click Create App Integration to open the create screen.

  3. Select OIDC as the Sign-in method.

  4. Select Web Application as the Application type, then click Next.

Figure 1: Create App Integration

Web App Settings

  1. When the New Web App Integration screen opens (Figure 2), enter the App integration name.

  2. Select Authorization Code as a Grant type.

  3. In Sign-in redirect URIs, enter the Callback URL listed on the Setup page in Astrato.

  4. In Sign-out redirect URIs, enter the URL for the app homepage.

  5. Select the Controlled access option that suits your organization best in Assignments, then click Save.

Figure 2: New Web App Integration


Once the settings are saved, the summary page should open, which contains the information you'll need to complete the setup.

In Client Credentials (Figure 3) note down the Client ID and Client secret.

Figure 3: Client Credentials

In General Settings (Figure 4) note down the Okta domain (this is the Issuer URL you'll need to complete the setup. You'll also see a list of the app integration settings in this section.

Figure 4: General Settings



  • The Client ID, Client Secret and Okta domain (Issuer URL) you've created in the OKTA setup.

Setup Page

  • Login to the Astrato site.

  • Navigate to the Open ID Connect integration page using

    Administration > Enterprise Authentication > Open ID Connect (Figure 5).

Figure 5: Open ID Connect

Open the Setup page (Figure 6), and enter the configuration information:

  1. Connection name - this should be unique.

  2. Issuer URL - enter the value generated in OKTA.

  3. Client ID - enter the value generated in OKTA.

  4. Client secret - enter the value generated in OKTA.

  5. Identity URL - enter the domain name you've used for the setup.

  6. Click Create to save the setup details. You should receive a confirmation that the connection has been enabled.

Figure 6: Astrato Set Up


If you need to delete the connection, go to the bottom of the page, click Delete and confirm the deletion when the pop up opens (Figure 7). Once the connection has been deleted, you'll see the Connect option appear again.

Figure 7: Delete Connection

SSO Login

Note: Once the connection has been enabled, your users will have to login to Astrato using the SSO Screen. Any logins from other locations (e.g. LinkedIn) will return an error.

Enterprise Authentication Articles

You can find articles on Enterprise Authentication for Astrato in the Administration articles collection, including an Introduction and setup articles for other integrations.

Did this answer your question?