Okta Single Sign-On (SSO)

Single Sign-On (SSO) allows your employees to sign into Learn Amp using their existing Okta credentials. This eliminates the need for separate passwords and provides a seamless, secure authentication experience.

With Okta SSO enabled, users simply click "Sign in with Okta" and are authenticated using their organisation's identity provider—no additional Learn Amp password required.

• Simplified Access – One set of credentials for all your applications

• Enhanced Security – Leverage Okta's security features including two-factor authentication

• Centralised Control – Manage access from your Okta admin console

• Real-time Reporting – Monitor authentication events through Okta's security dashboard

Learn Amp uses OpenID Connect (OIDC) to authenticate users with Okta:

1. User clicks "Sign in with Okta" on the Learn Amp login page

2. User is redirected to Okta to enter their credentials

3. Okta validates the user and returns an authentication token

4. Learn Amp creates or updates the user session

5. User is signed into Learn Amp

💡 Tip: SSO can be used independently of user provisioning. You can enable SSO without automatic user creation—users would need to exist in Learn Amp first.

Before setting up Okta SSO, ensure you have:

• Administrator access to your Okta account

• Administrator access to your Learn Amp account

• The Okta integration enabled for your account (contact us to request this)

The following Learn Amp roles can configure Okta SSO:

• Owner – Full access to all integration settings

• Admin – Full administrative access to integration settings

1. Sign in to your Okta admin account at okta.com

2. Navigate to Applications → Applications

3. Click Create App Integration

4. Select OIDC - OpenID Connect

5. Select Web Application

6. Click Next

1. Enter an App Integration Name (e.g., "Learn Amp")

2. Under Client acting on behalf of a user, enable:

   • Authorization Code

   • Refresh Token

   • Implicit (hybrid)

Add the following Sign-in redirect URIs (replace <subdomain> with your Learn Amp subdomain):

Choose who can access Learn Amp:

• Allow everyone in your organization – All Okta users can sign in

• Limit access to selected groups – Restrict to specific Okta groups

• Skip for now – Configure access later

Click Save.

1. Sign in to Learn Amp as an Owner or Admin

2. From the sidebar, select Settings → Integrations → Okta

3. Copy the Client ID and Client Secret from your Okta app

4. Enter your Okta domain as the API URL

5. Click Save, then Connect to Okta

6. Follow the prompts to authorise the connection

Once configured, test the integration:

1. Sign out of Learn Amp completely

2. Navigate to your Learn Amp URL

3. Click Sign in with Okta

4. Enter your Okta credentials

5. Verify you're signed into Learn Amp successfully

💡 Tip: Test with a non-admin account first to ensure regular users can authenticate correctly.

You can configure Learn Amp to require SSO for all users, disabling password-based login. Contact Learn Amp support to enable this option.

By default, both SSO and password login are available. Users can choose their preferred method.

Q: Can users still log in with email and password?
Yes, by default both methods are available. If you want to enforce SSO-only login, contact Learn Amp support.

Q: What happens if a user doesn't exist in Learn Amp?
If SSO-only is configured (without provisioning), the user will see an error. To automatically create users, enable User Provisioning alongside SSO.

Q: Can I use SSO without user provisioning?
Yes. SSO and User Provisioning are independent features. You can enable SSO alone—users just need to exist in Learn Amp beforehand.

Q: What authentication details do I need from Okta?
You need: Client ID, Client Secret, and your Okta domain (API URL).

Q: Why am I redirected back to Okta in a loop?
This usually indicates a redirect URI mismatch. Verify your URIs in Okta match exactly, including the protocol (https) and subdomain.