Skip to content

Configure OIDC SSO with Okta for your organization

From version 1.42, Lightrun offers support for Single Sign-On (SSO) using Okta as your identity provider (IdP) by integrating Lightrun with OIDC (OpenID Connect protocol) integration in Okta.

Using OIDC, Lightrun functions as a service provider, receiving authentication information from Okta, acting as the external identity provider. When SSO is enabled, Lightrun delegates authentication requests to the customer's IdP and grants users access to Lightrun in accordance with the IdP's response.

Once you have set up your SSO with OIDC, proceed to create your Lightrun users in the User Management page.

The process of setting up SSO involves these main stages:

  • Setting up the Lightrun-OIDC integration in Okta.
  • Configuring and enabling SSO in the Lightrun Management Portal.

Set up the Lightrun OIDC integration in Okta

Step 1: Get Lightrun's Redirection URL

  1. Log in to your Lightrun account.
  2. Navigate to Identity and Access Management > Identity Configuration > Login Methods.
  3. To enable SSO, click the SSO toggle.

  4. Select OIDC as your SSO Protocol.

  5. From the Service Provider's Redirect URL field, click Copy.

    Copy Service Provider URL --half

    This field will serve as the redirect URL used when configuring the identity provider. Note that at this point, SSO is not enabled with OIDC in Lightrun and will be activated in the next steps.

Step 2: Set up a Lightrun Application in Okta

  1. Create a new application for Lightrun in Okta.

    a. Navigate to Connections > Applications and click the Create App Integration tab to create a new OIDC Application type.

    New OIDC App --half

    b. Under the Sign-in method, select OIDC - OpenID Connect.

    c. Under Application type, select Web Application.

    d. Click Next.

    The New Web App Integration page opens.

    Sign-in redirect URl --half

  2. In the Sign-in redirect URIs field, paste the Service Provider's Redirect URL you copied from the Lightrun SSO settings in the previous step.

  3. Click Save.

Step 3: Get Okta’s Identity Provider’s parameters

  1. Access the Okta management portal, select and go to the General > Client Credentials.

  2. From the Client ID, copy the value to be pasted in the Lightrun Management Portal.

  3. In the Client Authentication field, select Client secret.

    Sign-in redirect URL --half

  4. Under CLIENTS SECRETS, click Generate new secret and copy the secret to be pasted in the Lightrun Management Portal.

Proceed to configure the Lightrun OIDC settings in the Lightrun Management Portal.

Step 4: Set Up SSO OIDC using Okta in Lightrun

  1. Navigate to the Identity and Access Management > Identity Configuration > Login methods > SSO section.

  2. Select OIDC as your SSO protocol.

    set up SSO OIDC in Lightrun --half

  3. Paste the values you copied from Okta into the following fields.

    • Identity Provider’s Discovery URL: Manually enter the following URL, where <CUSTOMER_NAME_HERE> is the domain name of your Okta setup, as follows:

      https://<CUSTOMER_NAME_HERE>.okta.com/.well-known/openid-configuration

    • Identity Provider's Client ID: The unique identifier assigned to Lightrun by Okta.
    • Identity Provider’s Client Secret: The secret key assigned to Lightrun by Okta for the OIDC authentication. 4. Click Save.

Further reading

Last update: October 13, 2024