Configure Okta Single Sign-On (SSO) for AODocs

What is Okta for AODocs?

AODocs supports Okta as an Identity Provider (IdP) through the OpenID Connect (OIDC) protocol.

This integration lets organizations leverage their existing Okta infrastructure for AODocs access management. Users can sign in to AODocs seamlessly and securely with their usual Okta sign-in credentials.




How does Okta for AODocs work?

Okta integration with AODocs enables secure Single Sign-On (SSO) authentication using OpenID Connect.

This feature lets your organization:

  • use existing Okta credentials to access AODocs
  • centralize user authentication and access management
  • enhance security with enterprise-grade SSO

AODocs supports Okta integration across all environments:

  • Production (US and EU regions)
  • Staging (US and EU regions)
  • Development environments

Set up Okta integration with AODocs Support

Setting up Okta integration involves collaboration between your organization and the AODocs Support team. Contact the AODocs Support team by email at support@aodocs.com or open a ticket.

The process consists of three steps:

Prerequisites

Before configuring Okta integration, make sure you have:

  • administrator access to your Okta organization
  • the name of your AODocs domain
  • AODocs super administrator privileges on your domain – learn more: Manage AODocs super administrators

Step 1: Create the AODocs application in Okta

Your Okta administrator configures an AODocs application in your Okta organization.

Create a new app integration

1. Sign in to your Okta Admin Console.

2. In the left panel, select Applications > Applications.

3. Click Create App Integration.


4. Select the following options:

  • Sign-in method: OIDC - OpenID Connect
  • Application type: Web Application

5. Click Next.


Configure application settings

1. Under General Settings, enter the app integration name: AODocs

2. Under Sign-in redirect URIs, add the appropriate redirect URI based on your AODocs environment.

| Environment | Region | Redirect URI |
|---|---|---|
| Production | US | https://ao-docs.firebaseapp.com/__/auth/handler |
| Production | EU | https://aodocs-core-eu-1.firebaseapp.com/__/auth/handler |

Note: Add only the redirect URI that corresponds to your AODocs environment and region.

3. Under Sign-out redirect URIs, remove all sign-out redirect URIs. This field must be empty.

4. Click Save.
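
The settings above can be checked after saving by auditing the application's JSON. This is an added example, not part of the AODocs documentation or any AODocs or Okta code; it assumes the application object is shaped like the JSON returned by the Okta Apps API (signOnMode, settings.oauthClient.application_type, redirect_uris, post_logout_redirect_uris), and the sample application is constructed.

```python
# Redirect URIs from the table in this guide, keyed by (environment, region).
AODOCS_REDIRECT_URIS = {
    ("Production", "US"): "https://ao-docs.firebaseapp.com/__/auth/handler",
    ("Production", "EU"): "https://aodocs-core-eu-1.firebaseapp.com/__/auth/handler",
}


def audit_okta_app(app, environment, region):
    """Return a list of findings; an empty list means the app matches this guide."""
    findings = []
    expected = AODOCS_REDIRECT_URIS[(environment, region)]
    # Assumed input shape: the app object as exported from the Okta Apps API.
    oauth = app.get("settings", {}).get("oauthClient", {})

    if app.get("signOnMode") != "OPENID_CONNECT":
        findings.append("sign-in method is not OIDC - OpenID Connect")
    if oauth.get("application_type") != "web":
        findings.append("application type is not Web Application")

    redirect_uris = oauth.get("redirect_uris") or []
    # Exact string comparison: a trailing slash or http:// counts as a mismatch.
    if expected not in redirect_uris:
        findings.append(f"missing redirect URI {expected}")
    for uri in redirect_uris:
        if uri != expected:
            findings.append(f"unexpected redirect URI {uri}")

    if oauth.get("post_logout_redirect_uris"):
        findings.append("sign-out redirect URIs must be empty")
    return findings


# Constructed sample: an EU production app that also lists the US redirect URI
# and still has a sign-out redirect URI set.
SAMPLE_APP = {
    "label": "AODocs",
    "signOnMode": "OPENID_CONNECT",
    "settings": {"oauthClient": {
        "application_type": "web",
        "redirect_uris": [
            "https://ao-docs.firebaseapp.com/__/auth/handler",
            "https://aodocs-core-eu-1.firebaseapp.com/__/auth/handler",
        ],
        "post_logout_redirect_uris": ["http://localhost:8080"],
    }},
}

if __name__ == "__main__":
    for finding in audit_okta_app(SAMPLE_APP, "Production", "EU"):
        print("FINDING:", finding)
```

An empty result means the app has exactly the one redirect URI for its environment and region and no sign-out redirect URIs.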


Configure assignments

In your new AODocs application:

1. Under Assignments, select an assignment option according to your organization's access requirements:

  • Allow everyone in your organization to access - all Okta users can access AODocs
  • Limit access to selected groups - only specified groups can access AODocs
  • Skip group assignment for now - lets you configure assignments later

2. Click Save.


Collect your configuration information

After creating and configuring the application, you must collect information to share with AODocs Support. During this step you can also change your logo.

1. Create a document in which you will store the information you need to send to AODocs Support.

You'll paste the information required by AODocs Support into this document.

Important: Keep these credentials secure. You will need them for the AODocs configuration.

2. Click the copy button next to the Client ID field. Paste into your document. 

3. Under Client Secrets, click the copy button next to the secret. Paste into your document. 


4. If you want to change your logo:

  • Click Edit on the Settings button
  • In the Edit logo dialog, upload your logo.
  • Click Close.

5. In the left panel, open Security and select API.

6. Copy the Issuer URL (format: https://your-okta-domain.okta.com). Paste into your document. 


Step 2: Share your configuration details with AODocs Support

Contact AODocs Support by email at support@aodocs.com to complete the integration setup.

Security Note: AODocs Support will provide a secure method for sharing sensitive credentials. Never send your client secret via unencrypted email.

Required information:

Optional information:

  • preferred go-live date
  • number of users expected to use Single-Sign-On
  • any specific user groups or access requirements

 

Step 3: AODocs backend configuration (done by AODocs Support)

AODocs Support handles the backend configuration.

AODocs Support will:

  • set up secure storage of credentials in the AODocs infrastructure
  • configure an OIDC provider for your domain
  • test the environment setup (if requested)
  • configure validation

This process typically takes 1 to 2 business days after receiving all required information.


Step 4: Testing and validation

Initial testing

When AODocs Support has confirmed that the configuration is complete, carry out the following testing and validation steps.

1. Test with a pilot user:

  • Navigate to your AODocs domain.
  • Select the Sign in with Okta option.
  • Check that authentication is successful.
  • Confirm that the user can access the expected AODocs resources.

2. Check user provisioning:

  • Check that the user profile information is correctly synchronized.
  • Confirm that email addresses match between Okta and AODocs.

3. Test access controls:

  • Check that Okta group assignments work correctly (if configured).
  • Test with users from different groups or roles.

Rollout recommendations

1. Pilot Phase (recommended):

  • Start with a small group of technical users.
  • Gather feedback on the authentication experience.
  • Document any issues or questions.

2. Gradual rollout:

  • Expand to department or team level.
  • Provide user communication and training materials.
  • Monitor for authentication issues.

3. Full deployment:

  • Enable for all intended users.
  • Communicate the change to your organization.
  • Provide support documentation to end users.

Troubleshooting

Common issues and solutions

| Issue | Possible Cause | Solution |
|---|---|---|
| "Invalid redirect URI" error | Incorrect redirect URI configured | Check the exact redirect URI with AODocs Support |
| Users cannot see AODocs in Okta | Assignment not configured | Check Okta app assignment settings |
| "Client authentication failed" | Invalid credentials | Check Client ID and Secret with AODocs Support |
| Users redirected to wrong environment | Multiple redirect URIs configured | Ensure only one redirect URI is configured |
| Profile information not syncing | Attribute mapping issues | Contact AODocs Support for attribute configuration |

 

Getting help

If you encounter issues during setup or operation:

  • During the initial setup, contact AODocs Support at support@aodocs.com.
    Include:
    • error messages and screenshots
    • your ticket reference number
  • For Okta-specific issues, consult your Okta administrator.
    • Review Okta audit logs for authentication attempts.
    • Check Okta application settings.
  • For end user issues:
    • Check the user has proper Okta assignments.
    • Check AODocs user permissions.
    • Clear browser cache and cookies.

Security considerations

Best practices

Credential management:

  • Rotate your Client Secret periodically (coordinate with AODocs Support).
  • Limit access to the Okta application configuration.
  • Use secure channels when sharing credentials.

Access control:

  • Regularly review Okta app assignments.
  • Implement the principle of least privilege.
  • Monitor authentication logs.

Session management:

  • Configure appropriate session timeouts in Okta.
  • Educate users about signing out when finished.
  • Consider implementing multi-factor authentication in Okta.

Compliance and auditing

  • Authentication events are logged in both Okta and AODocs.
  • Okta audit logs provide detailed authentication tracking.
  • AODocs maintains access logs for compliance requirements.

Known limitations

Following the introduction of Okta authentication for AODocs, some behaviors are expected due to how Google-based services handle identity verification:

  • Access to Looker Studio:
    Looker Studio is a Google product and only supports authentication through Google Accounts. As a result, users signing in via Okta cannot access Looker Studio dashboards since Okta credentials are not recognized by Google’s authentication layer. Access is possible only when signing in with a Google Account.
  • Editing attached files:
    Certain contributors may be unable to edit AODocs attached files after switching to Okta. This occurs because the Okta user identity is not the same as the original Google Account used for permissions. Since AODocs permissions are tied to Google identities, contributors need to use their Google sign-in to retain full editing access.

These are expected technical limitations stemming from Google service dependencies, not system errors.

Users who need to access Looker Studio or edit attached files should continue signing in with their Google Accounts until native support for Okta-based permissions is expanded.


Frequently asked questions

Question: Can we use multiple Okta organizations with AODocs?
Answer: Yes, but each requires separate configuration. Contact AODocs Support to discuss multi-organization setups.

Question: What happens to existing AODocs user accounts?
Answer: Existing accounts will be linked based on email address matching. Users will maintain their permissions and content access.

Question: Can we disable password authentication after enabling Okta?
Answer: Yes, this can be configured to enforce Okta-only authentication. Discuss this requirement with AODocs Support.

Question: Is MFA (Multi-Factor Authentication) supported?
Answer: Yes, MFA configured in Okta will be enforced for AODocs access.

Question: Can we customize the sign-in experience?
Answer: Limited customization is available. Contact AODocs Support to discuss specific requirements.

Question: What user attributes are synchronized from Okta?
Answer: By default: email, first name, last name, and display name. Additional attributes can be configured if needed.


Additional resources


Contact information

For assistance with Okta integration:

  • Email: support@aodocs.com 
  • Subject Line Format: "Okta SSO - [Your Company] - [Issue Type]"
  • Include: Your AODocs domain, environment details, and specific error messages

Learn more: What details should you share with the AODocs Support team when you open a ticket?
