Okta SSO Configuration for Lega
Lega supports OAuth 2.0 and OIDC (OpenID Connect) standards to provide secure login and seamless single sign-on (SSO) for users. This allows customer admins to leverage their existing Okta login systems and security policies to control access to Lega. We officially support both Microsoft Entra and Okta.
Step 1: Register a New Application in Okta
- Log in to your Okta Admin Console with the appropriate administrative permissions.
- Navigate to Applications > Applications > Create App Integration.
- Select OIDC - OpenID Connect as the sign-in method, and Web Application as the application type.
- Enter a name for the application (e.g., "Lega").
- In the Sign-in redirect URIs field, enter the redirect URI provided in your Lega onboarding email. If you do not have this, please contact Lega Support.
- Click Save to create the app integration.
Step 2: Configure Client Credentials
- Under your new app’s settings, navigate to General > Client Credentials.
- Generate a new Client Secret by clicking Edit under Client Credentials and selecting New Client Secret.
- Copy the generated client secret and store it securely. This secret will not be shown again, but you can generate a new one if needed. If the client secret expires, notify Lega Support to update the configuration.
- You will also need the Client ID and Issuer URL from this page for your Lega instance configuration.
Step 3: Add Scopes and Permissions
Lega requests certain user information for identity verification, for keeping user details up to date, and for access control within your Lega instance.
- Under Sign On, scroll to the OpenID Connect ID Token section.
- Click Edit and add the following scopes to ensure proper permissions:
- openid
- profile
- Save the changes.
Step 4: Configure Group Claims
Group claims allow Lega to retrieve Okta group information to assign roles and permissions in Lega.
- Go to Sign On > Edit > Group Claims.
- Select Groups assigned to the application to include only explicitly assigned groups.
- Save the configuration.
Step 5: Optionally Configure App Roles (RECOMMENDED)
App roles help map Okta roles or groups to Lega-defined roles, allowing for automatic role assignment when users log in. Without this, all users will be assigned the "User" role by default.
- Navigate to Assignments > Assign to People/Groups.
- Assign the appropriate groups or users.
- If you have specific roles in Lega (e.g., "Lega Users", "Lega Creators", etc.), you can map these to your Okta groups here. Follow your Lega documentation for guidance on which roles to assign.
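The checks Lega's side of the integration has to perform on what Okta sends follow directly from Steps 3 to 5: the ID token must come from your Issuer URL and be issued for your Client ID, the openid scope supplies the subject, and the group claim is what gets mapped to a Lega role (falling back to "User" when no group matches). The following is an added example written for this page, not Lega's or Okta's own code. It decodes a constructed, unsigned ID token, validates the core claims, and maps the groups claim to roles; the claim name `groups`, the issuer and client ID values, and the ROLE_MAP entries are assumptions, and signature verification against Okta's JWKS is left out and must be done before any claim is trusted.

```python
"""Added example (not Lega's or Okta's code): decode an OIDC ID token's
claims, validate issuer/audience/expiry, and map Okta groups to roles."""
import base64
import json
import time
from typing import Optional

# Constructed placeholders; use the Issuer URL and Client ID from Step 2.
ISSUER = "https://example.okta.com"       # assumption: your Okta org issuer
CLIENT_ID = "0oaEXAMPLECLIENTID"          # constructed placeholder
GROUPS_CLAIM = "groups"                   # assumption: claim name chosen in Step 4

# Assumed mapping from Okta group names to Lega roles (Step 5).
ROLE_MAP = {
    "Lega Creators": "Creator",
    "Lega Users": "User",
}
DEFAULT_ROLE = "User"                     # applied when no group matches


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def parse_claims(id_token: str) -> dict:
    """Return the payload claims of a compact JWT (header.payload.signature).

    Signature verification is out of scope here: in production the token is
    verified against the issuer's JWKS before these claims are trusted.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("ID token must have three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def validate_claims(claims: dict, issuer: str, client_id: str,
                    now: Optional[int] = None) -> list:
    """Return a list of problems with the claims; an empty list means accepted."""
    now = int(time.time()) if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append("issuer mismatch")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if client_id not in aud_list:
        problems.append("audience mismatch")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        problems.append("token expired or missing exp")
    if not claims.get("sub"):
        problems.append("missing sub (openid scope not granted)")
    return problems


def assign_roles(claims: dict) -> list:
    """Map the groups claim to Lega roles, defaulting to the "User" role."""
    groups = claims.get(GROUPS_CLAIM, [])
    roles = sorted({ROLE_MAP[g] for g in groups if g in ROLE_MAP})
    return roles or [DEFAULT_ROLE]


def _make_constructed_token(payload: dict) -> str:
    """Build an unsigned token with the JWT compact layout, for the example only."""
    header = {"alg": "RS256", "kid": "constructed"}

    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

    return f"{enc(header)}.{enc(payload)}.constructed-signature"


# Constructed sample token: one mapped group and one unmapped group.
NOW = 1_700_000_000
CONSTRUCTED_TOKEN = _make_constructed_token({
    "iss": ISSUER, "aud": CLIENT_ID, "sub": "00uEXAMPLE",
    "name": "Alex Example", "iat": NOW, "exp": NOW + 3600,
    GROUPS_CLAIM: ["Lega Creators", "Everyone"],
})

if __name__ == "__main__":
    claims = parse_claims(CONSTRUCTED_TOKEN)
    print("problems:", validate_claims(claims, ISSUER, CLIENT_ID, now=NOW))
    print("roles:", assign_roles(claims))
```

Restricting the group claim to groups assigned to the application (Step 4) keeps the list short and predictable, so the mapping above only ever sees groups you deliberately granted access to; anything outside ROLE_MAP still lands on the default role rather than being silently elevated.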
Step 6: Assign Users and Groups to the Application
- In the Assignments tab, click Assign and choose either Assign to People or Assign to Groups.
- It is best practice to assign groups rather than individual users for easier management. Assign groups that will need access to Lega.
Final Step: Share Required Details with Lega Support
To finalize your OIDC security configuration in Lega, please provide the following details:
- Issuer URL
- Client ID
- Client Secret (generated in Step 2)
Once these details are shared with Lega Support, your instance will be securely integrated with Okta for SSO.