Okta OIN Integration

SSO Configuration for Okta Customers

LIZ allows users to login via Okta as Single Sign-On (SSO) using Express Configuration. This document details how to configure SSO for your organization.

Prerequisites

In order to proceed with configuring login with SSO through Okta, you must:

  • Have access to an Okta tenant
  • Be an Okta administrator to that tenant
  • Have an active LIZ App subscription

Supported Features

  • Service Provider (SP)-Initiated Authentication (SSO) Flow – Users initiate login directly in LIZ (for example via https://app.onltx.com/) and are redirected to Okta for authentication.
  • Universal Logout – When enabled, Okta can terminate user sessions and tokens when risk is detected or when an admin initiates logout.
  • Coordinated sign-out (partial logout) – A coordinated sign-out flow can ensure that when Okta terminates a session, the user’s LIZ session is also terminated. The exact scope depends on your Okta configuration and enabled features.

Configuration Steps

  1. Request Admin Account

    Contact LIZ support at support@liz.solutions to request an admin account for Express Configuration. Include your organization name and the email address that should receive the admin credentials.

  2. Receive Credentials from LIZ

    LIZ support will create an admin account and reply with:

    • Admin email address
    • Temporary password (OTP)
    • An organization name unique to your company
    • Instructions to activate the connection

    Important: Use these admin credentials for “Express Configure SSO” (not your personal Okta admin account).

  3. Add LIZ in Okta

    • In Okta, go to Applications → Browse App Catalog
    • Search for "LIZ"
    • "LIZ": main production instance.
    • Click Done

  4. Express Configure SSO

    • On the newly created LIZ application, click the Sign On tab
    • Click Express Configure & Universal UL
    • Enter the organization name provided by LIZ
    • When prompted for credentials, enter the admin email and temporary password provided by LIZ
    • On the next screen, approve the connection with LIZ to complete the setup

  5. Enable Universal Logout

    • On the Sign On tab of the LIZ application
    • Check the box for "Okta system or admin initiates logout"

  6. Notify LIZ

    Send an email to support@liz.solutions to confirm that you have completed the Express Configuration setup. Please include your organization name and your Okta tenant URL (for example yourcompany.okta.com).

    LIZ support will then:

    • Enable home realm discovery for your domain
    • Enable application access so your users can log in
    Wait for confirmation from LIZ before proceeding to the next step.

  7. Assign Users and Test

    Once LIZ has confirmed the setup is complete:

    • Assign the admin account to the LIZ application in Okta
    • Assign any other users or groups that should have access to LIZ
    • Test the login flow by navigating to the LIZ app and logging in with the admin account:
    • You should be automatically redirected to your Okta SSO login

  8. Confirm Completion

    After successfully testing the login flow, send a final email to support@liz.solutions to confirm everything is working. LIZ will then remove the temporary admin account as it is no longer needed.

    Since only SP-initiated flow is supported, Okta recommends hiding the app icon for users to avoid confusion.

SP-Initiated SSO (Logging Into LIZ Using Okta)

The sign-in process is initiated from LIZ.

  • From your browser, navigate to the LIZ app. You’ll see a login screen.
  • Production: https://app.onltx.com/
  • Enter your enterprise email address
  • You will be automatically prompted to authenticate with Okta
  • Enter your Okta credentials (email and password) and sign in
  • If your credentials are valid, you are redirected to the LIZ dashboard.

Universal Logout

When Universal Logout is enabled, Okta can terminate user sessions across all applications when:

  • An administrator initiates a logout from the Okta Admin Console
  • The Okta system detects risk and terminates sessions for security

This ensures that when a user is logged out of Okta, they are also logged out of LIZ.

Notes

  • LIZ only allows SSO-based login and does not support password-based login for enterprise accounts
  • Please ensure that all users who need access to LIZ can authenticate using Okta

How it works

SP-Initiated SSO flow

  1. The user navigates to the LIZ app (for example https://app.onltx.com/).
  2. After entering their email, LIZ recognizes the domain and redirects the user to Okta.
  3. After successful authentication, the user is redirected back to LIZ and receives an active session.

Troubleshooting

Access denied

Verify the user (or group) is assigned to the LIZ application in Okta under the Assignments tab.

Express config error

Ensure you use the admin credentials from Step 2 for “Express Configure SSO”, not your personal Okta admin account.

Support

For further assistance, contact support@liz.solutions. Please include your organization name and a screenshot of any error messages.