Configure OIDC SSO with Okta for your organization¶

From version 1.42, Lightrun offers support for Single Sign-On (SSO) using Okta as your identity provider (IdP) by integrating Lightrun with OIDC (OpenID Connect protocol) integration in Okta.

Using OIDC, Lightrun functions as a service provider, receiving authentication information from Okta, acting as the external identity provider. When SSO is enabled, Lightrun delegates authentication requests to the customer's IdP and grants users access to Lightrun in accordance with the IdP's response.

Once you have set up your SSO with OIDC, proceed to create your Lightrun users in the User Management page.

The process of setting up SSO involves these main stages:

Setting up the Lightrun-OIDC integration in Okta.
Configuring and enabling SSO in the Lightrun Management Portal.

Set up the Lightrun OIDC integration in Okta¶

Step 1: Get Lightrun's Redirection URL¶

Log in to your Lightrun account.
Click Settings on the top right-hand side of menubar.
Set OIDC as your SSO Protocol based on your version:
- For version 1.54 and higher.
  1. Navigate to the Identity Configuration > Login Method tab.
  2. From the list, select Single Sign-On (SSO).
  3. Select OIDC as your SSO protocol.
- For version 1.53 and earlier.
  1. Navigate to the Identity and Access Management > Identity Configuration > Provisioning
  2. Click SSO toggle to enable SSO.
  3. Select OIDC as your SSO Protocol.
From the Service Provider's Redirect URL field, click Copy.

This field will serve as the redirect URL used when configuring the identity provider. Note that at this point, SSO is not enabled with OIDC in Lightrun and will be activated in the next steps.

Step 2: Set up a Lightrun Application in Okta¶

Create a new application for Lightrun in Okta.

a. Navigate to Connections > Applications and click the Create App Integration tab to create a new OIDC Application type.

b. Under the Sign-in method, select OIDC - OpenID Connect.

c. Under Application type, select Web Application.

d. Click Next.

The New Web App Integration page opens.
In the Sign-in redirect URIs field, paste the Service Provider's Redirect URL you copied from the Lightrun SSO settings in the previous step.
Click Save.

Step 3: Get Okta’s Identity Provider’s parameters¶

Access the Okta management portal, select and go to the General > Client Credentials.
From the Client ID, copy the value to be pasted in the Lightrun Management Portal.
In the Client Authentication field, select Client secret.
Under CLIENTS SECRETS, click Generate new secret and copy the secret to be pasted in the Lightrun Management Portal.

Proceed to configure the Lightrun OIDC settings in the Lightrun Management Portal.

Step 4: Set up SSO OIDC using Okta in Lightrun¶

Log in to your Lightrun account.
Click Settings on the top right-hand side of menubar.
Set OIDC as your SSO Protocol based on your version:
- For version 1.54 and higher.
  1. Navigate to the Identity Configuration > Login Method tab.
  2. From the list, select Single Sign-On (SSO).
  3. Select OIDC as your SSO protocol.
- For version 1.53 and earlier.
  1. Navigate to the Identity and Access Management > Identity Configuration > Provisioning
  2. Click SSO toggle to enable SSO.
  3. Select OIDC as your SSO Protocol.
Paste the values you copied from Okta into the following fields.
- Identity Provider’s Discovery URL: Manually enter the following URL, where <CUSTOMER_NAME_HERE> is the domain name of your Okta setup, as follows:
  
  https://<CUSTOMER_NAME_HERE>.okta.com/.well-known/openid-configuration
- Identity Provider's Client ID: The unique identifier assigned to Lightrun by Okta.
- Identity Provider’s Client Secret: The secret key assigned to Lightrun by Okta for the OIDC authentication. 2. Click Save.