
Prerequisites

You need:
  • Growth plan subscription
  • Admin access to your identity provider (Okta or Microsoft Entra)
  • Identity provider that supports OpenID Connect Discovery
Contact your Oso Cloud team before starting. Some configuration steps require team member assistance.

Configure SSO with Okta

Create OIDC Application

  1. Log into Okta Admin Console
  2. Navigate to Applications → Create App Integration
  3. Select integration settings:
    • Sign-on method: OIDC - OpenID Connect
    • Application type: Web Application
  4. Configure application settings:
    • Check Authorization Code in Core grants (no other grants needed)
    • Sign-in redirect URI: https://ui.osohq.com/web/oauth/oidc/callback
    • Logout redirect URI: https://ui.osohq.com/web/logout
  5. Set user assignments: Choose which users can access Oso Cloud through this application. Users still need manual invites to your Oso Cloud organization.
  6. Click Save

Optional: Configure Identity Provider (IdP) Initiated Login

Enable users to launch Oso Cloud directly from Okta:
  1. Navigate to General tab of your created application
  2. Configure login settings:
    • Login initiated by: Either Okta or app
    • Initiate login URI: https://ui.osohq.com/web/oauth/oidc/CUSTOMER_ID/login/
Replace CUSTOMER_ID with your 3-5 character identifier.

Gather Required Information

Copy these values from your Okta application’s General tab:
  • Client ID
  • Client Secret
  • OIDC Discovery URL (example: https://trial-8895628.okta.com/.well-known/openid-configuration)
Choose a Customer ID: Create a short 3-5 character identifier (example: acme). Send these to your Oso Cloud contact for final setup.

Configure SSO with Microsoft Entra

Create Application Registration

  1. Log into Azure portal
  2. Navigate to Microsoft Entra ID → Manage → App Registrations
  3. Click New registration
  4. Configure registration:
    • Provide application name
    • Select supported account types (single or multi-tenant)
    • Redirect URI platform: Web
    • Callback URL: https://ui.osohq.com/web/oauth/oidc/callback
  5. Click Register

Configure Application

  1. Generate client secret:
    • Navigate to Certificates & Secrets
    • Create new client secret
  2. Copy required values:
    • Client ID (from Overview tab)
    • Client Secret (from step 1)
    • OpenID Connect metadata URL (from Endpoints)
Choose a Customer ID: Create a short 3-5 character identifier (example: acme). Send these to your Oso Cloud contact for final setup.
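
Before sending the Okta OIDC Discovery URL or the Entra OpenID Connect metadata URL, you can sanity-check the document it serves. The following is an added example, not Oso Cloud code: it checks that the issuer matches the URL, that the endpoints use HTTPS, and that the Authorization Code flow is advertised. The function name and the sample document are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample: host taken from the page's example URL, field values invented.
SAMPLE_URL = "https://trial-8895628.okta.com" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "https://trial-8895628.okta.com",
    "authorization_endpoint": "https://trial-8895628.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://trial-8895628.okta.com/oauth2/v1/token",
    "jwks_uri": "https://trial-8895628.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
}


def check_discovery(discovery_url, doc):
    """Return a list of problems; an empty list means the document looks sane."""
    problems = []
    url = urlsplit(discovery_url)
    if url.scheme != "https":
        problems.append("discovery URL is not https")
    for key in ("issuer", *ENDPOINTS, "response_types_supported"):
        if key not in doc:
            problems.append("missing required field: " + key)
    if not url.path.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end in " + WELL_KNOWN)
    elif "issuer" in doc:
        # OIDC Discovery: issuer must equal the URL minus the well-known suffix.
        expected = f"{url.scheme}://{url.netloc}{url.path[:-len(WELL_KNOWN)]}"
        if doc["issuer"] != expected:
            problems.append(f"issuer {doc['issuer']!r} does not match {expected!r}")
    for key in ENDPOINTS:
        if key in doc and urlsplit(doc[key]).scheme != "https":
            problems.append(key + " is not https")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response_type 'code' is not advertised")
    # grant_types_supported is optional; the spec default includes authorization_code.
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("authorization_code grant is not advertised")
    return problems


if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, SAMPLE_DOC) or "no problems found")
```

To check a real tenant, fetch the URL yourself, parse the body with `json.loads`, and pass the resulting dict as `doc`.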

Sign In with SSO

  1. Navigate to https://ui.osohq.com/
  2. Select “Log in with SSO”
  3. Enter your Customer ID (provided by your team or chosen during setup)
  4. Click Continue
Oso Cloud redirects you to your identity provider for authentication, then returns you to complete the sign-in process.

Important Limitations

  • Manual user invites required. SSO does not automatically add users.
  • No SCIM/JIT provisioning.
  • Org migrations. Re-invite all users with corporate emails; SSO and non-SSO logins are separate accounts.
  • Non-SSO access remains. Remove users manually if enforcing SSO-only.