OIDC

Prerequisites:

  • Identity provider with OIDC support (e.g. Okta, OneLogin)

  • SSO enabled in Mitzu

Steps:

  1. Log in to Mitzu and navigate to the 'Manage organisation' page. Once SSO is enabled, the details of the integration can be configured.

  2. Open the web console of your Identity Provider and create a new client application with the following settings:

    • Application type: Web Application

    • Grant type: Authorization Code

    • Sign-in redirect URIs: copy the entire value of the Redirect URL input from the Mitzu SSO settings

    • Sign-out redirect URIs: copy the entire value of the Home URL and append '/auth/unauthorized'

    • To initiate the login from the Identity Provider side, redirect users to the Home URL with '/auth/redirect-to-login' appended

    • Client authentication: client secret

  3. Configure the client settings on the Mitzu SSO page

    • Client ID, Client Secret values can

    • The Authorize endpoint, Token endpoint and JWKS URI can be configured manually. Alternatively, enter the <idp>/.well-known/openid-configuration URL and click the Fetch OIDC Settings button, which fetches the configuration and fills in these fields.

  4. Click save

  5. In a different browser (or in an incognito window), verify the login flow. If it does not work as expected, review your settings or contact Mitzu Support.
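
A pre-flight check for the discovery document used in step 3, as an added example that is not part of the Mitzu documentation or product: it confirms that the issuer matches the discovery URL, that the three endpoints Mitzu needs are present and served over HTTPS, and that the IdP advertises the Authorization Code flow with client-secret authentication. The host idp.example.com, the sample document and the function name check_discovery are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"

# Constructed sample discovery document; idp.example.com is a placeholder host.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/v1/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/v1/token",
    "jwks_uri": "https://idp.example.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
})

def check_discovery(discovery_url, document):
    """Return a list of problems; an empty list means the document looks usable."""
    if not discovery_url.endswith(SUFFIX):
        return [f"discovery URL must end with {SUFFIX}"]
    meta = json.loads(document)
    problems = []
    # OIDC Discovery: the issuer must be the URL the document was fetched from,
    # minus the well-known suffix. A mismatch means the wrong or a spoofed document.
    expected = discovery_url[: -len(SUFFIX)].rstrip("/")
    issuer = str(meta.get("issuer", "")).rstrip("/")
    if issuer != expected:
        problems.append(f"issuer {issuer!r} does not match {expected!r}")
    # The three values the Mitzu SSO page asks for.
    for field in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = meta.get(field)
        if not value:
            problems.append(f"{field} is missing")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{field} is not an https URL")
    # Grant type: Authorization Code.
    if "code" not in meta.get("response_types_supported", []):
        problems.append("response type 'code' is not advertised")
    # Client authentication: client secret. Per the spec, an omitted list
    # means client_secret_basic.
    methods = meta.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if not {"client_secret_basic", "client_secret_post"} & set(methods):
        problems.append("no client-secret authentication method is advertised")
    return problems

if __name__ == "__main__":
    url = "https://idp.example.com" + SUFFIX
    for line in check_discovery(url, SAMPLE_DISCOVERY) or ["discovery document OK"]:
        print(line)
```

To check a real IdP, save its discovery document to a file and pass the contents as the second argument.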
