Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.getomni.co/llms.txt

Use this file to discover all available pages before exploring further.

Google OAuth is supported in the community edition and does not require a commercial license. Configure it from SettingsAuthentication in the admin panel.
Okta and Microsoft Entra ID SSO are enterprise features. They are free for evaluation with up to 10 users. For org-wide rollout, a commercial license is required — contact hello@getomni.co for pricing.

Overview

Omni supports Single Sign-On via Google OAuth (community), Okta, and Microsoft Entra ID. Once SSO is configured, you can optionally disable password-based authentication. All SSO provider configurations — including client secrets — are stored encrypted in the database and managed through the admin UI, not environment variables.

Enterprise Prerequisites

  • An Okta or Entra ID admin account with permission to create applications
  • A commercial Omni license (or evaluation with fewer than 10 users)
  • Omni deployment using the omni-web-enterprise Docker image

Enable Enterprise SSO

Step 1: Switch to the Enterprise Image

Replace the omni-web Docker image with omni-web-enterprise in your docker-compose.yml: 
web:
  image: ghcr.io/getomnico/omni-web-enterprise:${OMNI_VERSION:-latest}
Restart services after making this change. The enterprise image pulls in the Okta and Entra ID provider packages, which the community image falls back to null for.

Step 2: Create an Okta Application

  1. Log in to your Okta Admin Console
  2. Go to ApplicationsCreate App Integration
  3. Select OIDC - OpenID Connect and Web Application
  4. Configure the application:
    • App integration name: Omni
    • Sign-in redirect URI: https://<your-omni-domain>/auth/okta/callback
    • Sign-out redirect URI: https://<your-omni-domain>
  5. Under Assignments, assign the app to the users or groups who should have access
  6. Save the application
  7. Note the Client ID and Client Secret from the application settings

Step 3: Configure Okta in Omni

  1. Navigate to SettingsAuthentication in the Omni admin panel
  2. Under Okta SSO, enter:
    • Okta Domain: Your Okta domain (e.g., yourcompany.okta.com)
    • Client ID: From Step 2
    • Client Secret: From Step 2
  3. Click Save
SSO is now configured. Users will see a “Sign in with Okta” option on the login page.

Microsoft Entra ID

Entra ID (formerly Azure AD) is configured the same way as Okta — register an application, add a client secret, and enter the tenant ID, client ID, and client secret in SettingsAuthenticationMicrosoft Entra ID.

Step 1: Register an Enterprise Application in Entra ID

  1. Sign in to the Azure Portal as a Global Administrator
  2. Go to Microsoft Entra IDApp registrationsNew registration
  3. Set the name: Omni SSO
  4. Supported account types: Single tenant
  5. Redirect URI: Webhttps://<your-omni-domain>/auth/entra/callback
  6. Click Register
  7. Note the Application (client) ID and Directory (tenant) ID

Step 2: Create a Client Secret

  1. Go to Certificates & secretsNew client secret
  2. Set an expiry period and click Add
  3. Copy the secret value immediately — it will not be shown again

Step 3: Configure Entra ID in Omni

  1. Navigate to SettingsAuthentication
  2. Under Microsoft Entra ID, enter the Tenant ID, Client ID, and Client Secret
  3. Click Save

Disabling Password Authentication

Once at least one SSO provider is active, you can disable password-based login:
  1. Navigate to SettingsAuthentication
  2. Toggle off Password Authentication
Before disabling password auth, ensure at least one admin has signed in via the other auth method (Google, Okta, or Entra ID). This prevents account lockout. Password auth cannot be disabled unless another authentication method is active.