• Identity provider with OIDC support (eg. Okta, OneLogin, etc...)

  • SSO enabled in Mitzu


  1. Login to Mitzu and navigate to the 'Manage organisation' page. Once SSO is enabled the details of the integration can be configured:

  2. Open the webconsole of your Identity Provder and create a new client application, with the following settings:

    • Application type: Web Application

    • Grant type: Authorization Code

    • Sign-in redirect URIs: copy the entire value of the Redirect URL input from the Mitzu SSO settings

    • Sign-out redirect URIs: copy the entire value of the Home URL and append `/auth/unauthorized'

    • to initiate the login from the Identity Provider side, redirect the users to the Home URL appended '/auth/redirect-to-login'

    • Client authentication: client secret

  3. Configure the client settings on the Mitzu SSO page

    • Client ID, Client Secret values can

    • Authorize endpoint, token endpoint and JWKS URI can be configured manually or set the <idp>/.well-known/openid-configuration URL and click on the Fetch OIDC Settings button. It will fetch the configuration and fill out these fields.

  4. Click save

  5. In a different browser (or in an incognito window) verify the login flow. If it is not working as expected then please supervise your settings or contact Mitzu Support.

Last updated