# Okta SSO Setup for Secure Privacy – OIDC Guide

> Set up Okta Single Sign-On (SSO) with Secure Privacy using OIDC. This step-by-step guide covers authorization servers, app configuration, scopes, and common SSO troubleshooting tips.

- Canonical: https://support.secureprivacy.ai/article/single-signon-sso-configuration-integration-with-okta
- Product: Consent Management
- Category: Integrations
- Published: 2026-03-06T12:42:00+00:00
- Updated: 2026-03-24T23:40:57.599+00:00
- Reading time: 3 minutes

---

This guide provides a clear, step-by-step walkthrough for setting up **Single Sign-On (SSO) with Okta** in Secure Privacy. The Okta SSO integration lets administrators manage user access to multiple applications through a single, secure login — streamlining authentication while maintaining tight control over who can access your Secure Privacy account.

**Important:** Only Okta members who are _already_ added to your Secure Privacy account (visible on the **Users** page) will be permitted to log in via Okta SSO. Okta members not found in Secure Privacy will be blocked from access.

## Who Is This For?

This guide is intended for **IT administrators and account owners** who want to configure Okta as an identity provider (IdP) for Secure Privacy using OpenID Connect (OIDC). You should have admin access to both your Okta organization and your Secure Privacy account before proceeding.

## Step 1: Locate Your Okta Organization Domain

Find your Okta domain in the header dropdown menu within your Okta admin account. Copy it and paste it into the **Organization domain** field in Secure Privacy's SSO settings.

![Finding your Okta organization domain in the Okta admin header dropdown](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/4d84b1e8b23b20aac061-5663ed9a7296.webp)

Paste the domain into the corresponding field in Secure Privacy, as shown below:

![Pasting the Okta organization domain into the Secure Privacy SSO configuration field](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/4d3b4597a9a65c5a22d0-9d2eee3e93ac.webp)

## Step 2: Create an Authorization Server in Okta

In your Okta admin console, navigate to **Security → API → Authorization Servers** and create a new Authorization Server.

**Note:** This step is optional if you prefer to use your organization's default authentication server. However, creating a **custom authorization server** is the recommended approach for better scope and claims control.

![Okta admin console showing the Create Authorization Server page under Security > API](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/25cc0aaab52e509ea677-08d9ab787c38.webp)

## Step 3: Create and Configure an OIDC Web Application in Okta

Under **Applications** in Okta, create a new app integration for Secure Privacy:

-   Select **OIDC – OpenID Connect** as the sign-on method and **Web Application** as the application type.
-   Optionally enable **Client Credentials** grant type if required by your organization.

![Okta new app integration screen with OIDC and Web Application options selected](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/14cc58ada7ba4629895e-0e5877b9959c.webp)

-   Set the **Sign-in redirect URI** to exactly: `https://cmp.secureprivacy.ai/callback` (no trailing slash).

Confirm the sign-on method is set to **OpenID Connect**:

![Okta app settings confirming OpenID Connect as the sign-on method](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/52c16e96362ddf35e24b-b24c8861a1be.webp)

Ensure all required **OAuth 2.0 Scopes** are enabled. These are pre-selected by default unless you have previously reconfigured them:

![Okta OIDC app scopes configuration panel showing required scopes enabled](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/957ef918b8ba6cc4d1b6-e44da0b97223.webp) ![Additional Okta scopes view confirming all default OAuth scopes are selected](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/2537f4fe32d6afa48954-672004a868cc.webp)

Finally, copy the **Client ID** and **Client Secret** from your Okta app and paste them into the corresponding fields in Secure Privacy's SSO settings:

![Secure Privacy SSO settings showing Client ID and Client Secret fields for Okta integration](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/9110ee9b12210c46f200-0f36d643bed7.webp)

## Step 4: Complete the Okta SSO Setup

Once all fields are saved, your Okta users can log in to Secure Privacy using their existing Okta credentials. No separate Secure Privacy password is required for SSO-enabled users.

## Common Okta SSO Issues & Fixes

**Authorization Server Configuration Errors**

Double-check your Okta Authorization Server settings, including all configured scopes and claims. Ensure the correct server is selected and that the issuer URI matches what is entered in Secure Privacy.

**Invalid Redirect URI Error**

Ensure the redirect URI in Okta matches exactly `https://cmp.secureprivacy.ai/callback` — with no trailing slash and no variation in casing.

**Users Unable to Log In via SSO**

Confirm that the affected users have been added to your Secure Privacy account on the **Users** page _and_ have been assigned the appropriate application in Okta. Both conditions must be met.

## Frequently Asked Questions

Can I use Okta SSO without creating a custom authorization server?

Yes. Creating a custom authorization server is recommended for granular control, but you can use your organization's default Okta authorization server if preferred.

What happens if an Okta user is not in Secure Privacy?

Okta members who are not already added to your Secure Privacy account will be denied login, even if they are valid Okta users. You must first add them on the Secure Privacy **Users** page.

Which sign-on method does Secure Privacy use with Okta?

Secure Privacy uses **OpenID Connect (OIDC)** for Okta SSO integration. Make sure the OIDC sign-on method is selected when creating the Okta app integration.

Is Okta SSO available on all Secure Privacy plans?

SSO availability depends on your Secure Privacy subscription plan. Contact Secure Privacy support if you are unsure whether SSO is included in your current plan.

## See Also

-   [How to Onboard with Secure Privacy via CMS Plugins (Shopify & WordPress)](https://support.secureprivacy.ai/article/onboard-with-secure-privacy-via-cms-plugins--shopify--wordpress)
-   [Scanning Your Website for Regulatory Compliance](https://support.secureprivacy.ai/article/a-guide-to-scanning-your-website-for-regulatory-compliance)
-   [Should You Block All Cookies? GDPR Cookie Categories Explained](https://support.secureprivacy.ai/article/should-you-block-all-cookies-gdpr-cookie-categories-explained)
-   [Google Consent Mode Basic Setup – Secure Privacy Guide](https://support.secureprivacy.ai/article/google-consent-mode-basic-setup--secureprivacy-guide)
