Overview
Omni supports Single Sign-On via Okta, allowing your team to log in with their existing corporate credentials. Once SSO is configured, you can optionally disable password-based authentication.Prerequisites
- An Okta admin account with permission to create applications
- A commercial Omni license (or evaluation with fewer than 10 users)
- Omni deployment using the
omni-web-enterpriseDocker image
Enable SSO
Step 1: Switch to the Enterprise Image
Replace theomni-web Docker image with omni-web-enterprise in your docker-compose.yml:
Step 2: Create an Okta Application
- Log in to your Okta Admin Console
- Go to Applications → Create App Integration
- Select OIDC - OpenID Connect and Web Application
- Configure the application:
- App integration name: Omni
- Sign-in redirect URI:
https://<your-omni-domain>/auth/okta/callback - Sign-out redirect URI:
https://<your-omni-domain>
- Under Assignments, assign the app to the users or groups who should have access
- Save the application
- Note the Client ID and Client Secret from the application settings
Step 3: Configure Okta in Omni
- Navigate to Settings → Authentication in the Omni admin panel
- Under Okta SSO, enter:
- Okta Domain: Your Okta domain (e.g.,
yourcompany.okta.com) - Client ID: From Step 2
- Client Secret: From Step 2
- Okta Domain: Your Okta domain (e.g.,
- Click Save
SSO is now configured. Users will see an “Sign in with Okta” option on the login page.
Disabling Password Authentication
Once SSO is active, you can disable password-based login:- Navigate to Settings → Authentication
- Toggle off Password Authentication