Skip to main content

SSO - Configuring Okta for Maze

Sean Kinney
  • Updated

Overview

Maze offers SSO as a feature for Enterprise customers who require their team members to log into Maze using their own identity provider. At present, we support Okta and OneLogin using OpenID Connect specifically. This document will walk you through how to configure Okta and the steps you'll need to take after you've configured Okta to enable Maze Support to finish your SSO setup.

Setting up Okta

To begin setting up Okta for Maze, you will need to create a custom application:

  1. Go to Applications > Applications in the left menu
  2. Click Create App Integration to begin creating an app for Maze
    okta_01.png
  3. Select "OIDC - OpenID Connect" for the sign-on method and "Web" for the application type and click Next
    okta_02.png
  4. Configure the application as follows:
    • App integration name: Maze or however your users are likely to refer to it
    • Grant type: Authorization Code and Implicit (Hybrid)
    • Sign-in Redirect URIs: https://sl-api.maze.design/auth/sso/TEAM_IDENTIFIER/callback AND https://sl-api.maze.design/auth/sso/okta/callback (both are needed) where TEAM_IDENTIFIER is replaced with the value provided to you by Maze Support
    • Sign-out Redirect URIs: https://app.maze.co
    • Base URIs: https://app.maze.co
    • Controlled access: Your choice whether to allow anyone in your Okta organization to access or if you'll control access
  5. Once configured as described above and shown roughly as below, click Next to create the application
    okta_03.png
  6. Once created, you should see the application listed with your Client ID and Client Secret values available for copying as shown below:
    okta_04.png

Completing your SSO Setup

Once you've completed the application installation and configuration steps in the preceding section, an owner or admin on your Enterprise team will need to contact Maze Support to request SSO setup be complete and will need to provide the following details:

  • Client ID
  • Client Secret
  • TEAM_IDENTIFIER (if you used something besides what you were directed to use)
  • Okta Domain

Because these are used to generate SSO authentication requests, they are sensitive information. As a result, we would suggest you share them with Maze Support using https://onetimesecret.com/ or a similar trusted solution rather than including these values as plain text in your support ticket.

Once Maze Support receives these details, we will finalize your SSO setup on this end and then work with you on migrating any users that may need to be migrated to SSO.

Related articles