Overview
Maze offers SSO as a feature for Enterprise customers who require their team members to log into Maze using their own identity provider. At present, we support Okta and OneLogin using OpenID Connect specifically. This document will walk you through how to configure Okta and the steps you'll need to take after you've configured Okta to enable Maze Support to finish your SSO setup.
Setting up Okta
To begin setting up Okta for Maze, you will need to create a custom application:
- Go to Applications > Applications in the left menu
- Click Create App Integration to begin creating an app for Maze
- Select "OIDC - OpenID Connect" for the sign-on method and "Web" for the application type and click Next
- Configure the application as follows:
- App integration name:
Maze
or however your users are likely to refer to it - Grant type:
Authorization Code
andImplicit (Hybrid)
- Sign-in Redirect URIs:
https://sl-api.maze.design/auth/sso/TEAM_IDENTIFIER/callback
ANDhttps://sl-api.maze.design/auth/sso/okta/callback
(both are needed) whereTEAM_IDENTIFIER
is replaced with the value provided to you by Maze Support - Sign-out Redirect URIs:
https://app.maze.co
- Base URIs:
https://app.maze.co
- Controlled access: Your choice whether to allow anyone in your Okta organization to access or if you'll control access
- App integration name:
- Once configured as described above and shown roughly as below, click Next to create the application
- Once created, you should see the application listed with your
Client ID
andClient Secret
values available for copying as shown below:
Completing your SSO Setup
Once you've completed the application installation and configuration steps in the preceding section, an owner or admin on your Enterprise team will need to contact Maze Support to request SSO setup be complete and will need to provide the following details:
- Client ID
- Client Secret
- TEAM_IDENTIFIER (if you used something besides what you were directed to use)
- Okta Domain
Because these are used to generate SSO authentication requests, they are sensitive information. As a result, we would suggest you share them with Maze Support using https://onetimesecret.com/ or a similar trusted solution rather than including these values as plain text in your support ticket.
Once Maze Support receives these details, we will finalize your SSO setup on this end and then work with you on migrating any users that may need to be migrated to SSO.