SSO
OpenID Connect (OIDC)
Create a new app integration
-
Sign in to your Okta organization as a user with administrative privileges.
-
In the Admin Console, go to Applications → Applications and click Create App Integration.
- On the Create a new app integration page, select OIDC - OpenID Connect as the Sign-in method, Web Application as the Application type, and click Next.
- Fill out the form on the New Web App Integration page according to the table below and click Save.
Field Value General Setting App integration name Metric.ai Logo Logo Sign-in redirect URIs https://psa.metric.ai/__/auth/handler (Authorization callback URL) Sign-out redirect URIs https://psa.metric.ai/ Assignments Controlled access Limit access to selected groups Selected group(s) Everyone
ℹ️ Note
You may opt to Skip the group assignment for now, but don't forget to assign the app at least to the Metric.ai admin eventually. - In the Client Credentials section of the General tab of the app's page, copy the Client ID and Client Secret to share with the Metric.ai team.
Configure ID token issuer
-
Sign in to your Okta organization as a user with administrative privileges.
-
In the Admin Console, go to Applications → Applications, and then click Metric.ai.
- In the OpenID Connect ID Token section of the Sign On tab, click Edit.
- Select Okta URL as the Issuer and click Save.
- Copy Okta URL set as issuer to share with the Metric.ai team.
Configure login initiated by Okta (optional)
-
Sign in to your Okta organization as a user with administrative privileges.
-
In the Admin Console, go to Applications → Applications, and then click Metric.ai.
- Click the pencil icon in the corner of the app's logo area.
- On the Edit Logo page, upload the Metric.ai logo (find the one provided above) and click Close.
- In the General Settings section of the General tab of the app's page, click Edit.
-
Select Either Okta or App as the Login initiated by value.
-
Check the Display application icon to users option as the Application visibility.
-
Keep Redirect to app to initiate login (OIDC Compliant) as the Login flow.
-
Enter Initiate login URL according to the table below.
Field Value Initiate login URI https://psa.metric.ai/sign-in - Click Save.
- Find the Metric.ai shortcut on the Okta organization home page.
Provisioning
Service App
See Configure OAuth for Okta: Service App.
Create a new app integration
-
Sign in to your Okta organization as a user with administrative privileges.
-
In the Admin Console, go to Applications → Applications and click Create App Integration.
- On the Create a new app integration page, select API Services as the Sign-in method and click Next.
- Enter the App integration name according to the table below and click Save.
Field Value App integration name Metric.ai (Provisioning) - In the Client Credentials section of the General tab of the app's page, copy the Client ID to set up the integration in Metric.ai later on.
Configure client authentication method
-
Sign in to your Okta organization as a user with administrative privileges.
-
In the Admin Console, go to Applications → Applications, and then click Metric.ai (Provisioning).
- In the Client Credentials section of the General tab, click Edit to change the client authentication method.
-
Select the Public key/Private key as the Client authentication method.
-
Leave the default of Save keys in Okta as public keys configuration, and then click Add key.
- In the Add a public key dialog, click Generate new key to auto-generate a new 2048 bit RSA key.
- In the Add a public key dialog, copy Private Key to set up the integration in Metric.ai later on.
ℹ️ Note
This is your only opportunity to save the private key. - Click Done. The new public key is now registered with the app and appears in a table in the PUBLIC KEYS section of the General tab.
- Click Save. A message states that the client authentication method changes to the Public key/Private key. Any existing client secrets for the app are deleted. Click Save to continue.
Grant allowed scopes
-
Sign in to your Okta organization as a user with administrative privileges.
-
In the Admin Console, go to Applications → Applications, and then click Metric.ai (Provisioning).
- Select the Okta API Scopes tab.
- Find
okta.groups.read
scope and click Grant next to it. In the Grant Okta API Scope dialog, click Grant Access to confirm.
Create Okta integration in Metric.ai
-
Open the Integrations page at Metric.ai.
-
Click New Integration, and then choose Okta from the list.
-
Fill out authorization settings according to the table below, and click Save.
Field Value Example Okta Domain The domain of your Okta URL (without protocol and path). example.okta.com Application Client ID From Create a new app integration step. - Private Key From Configure client authentication method step. -