SSO - Okta

SecDim offers SSO (Single Sign-On) integration with Okta via OpenID Connect (OIDC). This allows users to log in to the SecDim platform using their existing Okta credentials. This guide walks you through the setup steps your Okta administrator needs to complete.

What SecDim Needs from You

Before SecDim can activate SSO for your organisation, collect the following from your Okta setup and send them to your SecDim account manager.

| Value | Description |
|---|---|
| Client ID | Client ID from your Okta application |
| Client Secret | Client secret (send via a one-time secret tool, not email) |
| Okta domain | Your organisation’s Okta domain, e.g. acme.okta.com |
| Primary email domain | The domain your users sign in with, e.g. acme.com |

SecDim will provide you with a provider name and your SSO login URL in the format https://id.secdim.com?auth=<provider>&origin=play once configuration is complete.

Step 1 — Create an App Integration in Okta

  1. Sign in to the Okta Admin Console

  2. Go to Applications → Applications

  3. Click Create App Integration

  4. Select OIDC - OpenID Connect as the sign-in method

  5. Select Web Application as the application type

  6. Click Next

Step 2 — Configure the Application

  1. Set the App integration name to SecDim SSO (or similar)

  2. Under Grant type, ensure Authorization Code is selected

  3. Under Sign-in redirect URIs, add:

    https://id.secdim.com/account/login/sso/<provider>/callback

    SecDim will give you the exact <provider> slug.

  4. Under Assignments, select Limit access to selected groups or Allow everyone in your organization depending on your requirements

  5. Click Save

  6. Copy the Client ID and Client Secret from the application settings

Step 3 — Configure Scopes

Ensure the following scopes are enabled for the application:

  • openid

  • email

  • profile

These are typically enabled by default in Okta.

Step 4 — Assign Users or Groups

  1. Go to your SecDim SSO application in Okta

  2. Select the Assignments tab

  3. Assign the users or groups who should have access to SecDim

  4. Users not assigned here will be blocked from logging in via SSO

Step 5 — Send Credentials to SecDim

Send the following to your SecDim account manager securely (not by email):

| Value | Where to find it |
|---|---|
| Client ID | Application → General → Client Credentials |
| Client Secret | Application → General → Client Credentials (send securely) |
| Okta domain | Your Okta URL, e.g. acme.okta.com |
| Primary email domain | e.g. acme.com |

SecDim will use the Okta OIDC discovery endpoint to auto-configure the integration:

https://<your-okta-domain>/.well-known/openid-configuration
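
A pre-flight check an administrator could run against that discovery document before sending values to SecDim, added here as an example (it is not SecDim's or Okta's code). It checks the issuer, the endpoints, and the grant type and scopes from Steps 2 and 3; the function names and the sample document for the placeholder domain acme.okta.com are constructed for illustration.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

REQUIRED_SCOPES = {"openid", "email", "profile"}  # Step 3 of this guide
REQUIRED_GRANT = "authorization_code"             # Step 2 of this guide

def fetch_discovery(okta_domain):
    """Download the discovery document (needs network access)."""
    url = f"https://{okta_domain}/.well-known/openid-configuration"
    with urlopen(url, timeout=10) as resp:
        return json.load(resp)

def check_discovery(okta_domain, doc):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    # OIDC Discovery: issuer must equal the URL prefix the document was fetched from.
    expected = f"https://{okta_domain}"
    if doc.get("issuer") != expected:
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {expected!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        parts = urlsplit(doc.get(key) or "")
        if parts.scheme != "https" or parts.hostname != okta_domain:
            problems.append(f"{key} is missing or not an https URL on {okta_domain}")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    if REQUIRED_GRANT not in doc.get("grant_types_supported", []):
        problems.append(f"grant type {REQUIRED_GRANT} not advertised")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not advertised")
    return problems

# Constructed sample document for the placeholder domain acme.okta.com.
SAMPLE = {
    "issuer": "https://acme.okta.com",
    "authorization_endpoint": "https://acme.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://acme.okta.com/oauth2/v1/token",
    "jwks_uri": "https://acme.okta.com/oauth2/v1/keys",
    "scopes_supported": ["openid", "email", "profile", "offline_access"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "response_types_supported": ["code", "id_token"],
}

if __name__ == "__main__":
    print(check_discovery("acme.okta.com", SAMPLE) or "no problems found")
```

To check a live tenant, pass the result of `fetch_discovery("<your-okta-domain>")` as the second argument instead of `SAMPLE`.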

Set a calendar reminder to renew the client secret before it expires. When the secret expires, SSO logins will fail.

Step 6 — (Optional) Automatic Department Assignment

If you want users to be automatically assigned to departments within SecDim on first login, you can add a custom claim to the ID token that returns the user’s department.

  1. Go to Security → API → Authorization Servers

  2. Select your authorization server (usually default)

  3. Under Claims, add a new claim:

    • Name: department

    • Include in token type: ID Token

    • Value type: Expression

    • Value: user.department

  4. Let your SecDim account manager know the exact claim name

The department name in SecDim must exactly match the value from Okta.

Step 7 — Test

Once SecDim confirms the configuration is active:

  1. Open https://id.secdim.com?auth=<provider>&origin=play in a private browser window

  2. You will be redirected to Okta to authenticate

  3. Sign in with an Okta account assigned in Step 4

  4. Confirm you land in SecDim associated with the correct company subscription