Okta OIDC SSO Integration
Learn how to integrate Fiddler with Okta for seamless Single Sign-On (SSO) authentication using the OpenID Connect (OIDC) protocol.
Overview
This integration allows your users to access Fiddler using their existing Okta credentials. Users are automatically provisioned in Fiddler on their first successful login, eliminating the need for manual user invitations.
Prerequisites
Before starting, ensure you have:
Okta Administrator Access: Permissions to create and configure applications in your Okta organization
Fiddler AuthN Administrator Access: "Org Owner" role in Fiddler's AuthN management console
Deployment Information: Your Fiddler deployment base URL
Configuring Okta
Create New Okta Application Integration
On the Okta admin console, navigate to Applications and select the Create App Integration button:
Select OIDC - OpenID Connect for the Sign-in method, select Web Application for the Application type, and then select the Next button to create the new application:
Assign a name for your application integration in the App integration name text box
Enter the first Redirect URI into the Sign-in redirect URIs text box, e.g.
https://authn-example2.dev.fiddler.ai/ui/login/login/externalidp/callback
Select the + Add URI button and add the second Redirect URI, e.g.
https://authn-example2.dev.fiddler.ai/idps/callback
Enter your base Fiddler URL into the Sign-out redirect URIs text box, e.g. https://
example2.dev.fiddler.ai
:
Select the Save button to create the application
With the application integration created, copy the following values to use in configuring the identity provider in the Fiddler AuthN console:
On the General tab, copy the Client ID and Secret values:
On the Sign On tab, copy the Issuer URL:
Configuring Fiddler
Configure the Identity Provider in Fiddler
Return to the Fiddler AuthN console where we left off and enter the following values:
Assign a name and enter it in the Name text box. Note that this name will be displayed on the SSO login button on the Fiddler sign-in page so choose a name your users will recognize.
In the Issuer text box, paste the Issuer URL copied from the Okta admin console
In the Client ID and Client Secret, past those values copied from the Okta admin console:
Configure Additional Parameters
Expand the optional section
Add the text
groups
to the Scopes List text box and ensure it is listed along withopenid
,profile
, andemail
Ensure the Automatic create and Automatic update checkboxes are selected
Set the Determines whether an identity will be prompted to be linked to an existing account dropdown to Check for existing Username
Select the Create button and the select the Save button

Create a Custom Action
Select the Actions tab from the top menu

Select the New button in the Scripts section to create a new action script
Copy the Okta OIDC Action Script below and paste it into the script text area
Enter
setAttributesOnOktaOIDCAuth
in the Name text boxSelect the Add button
function setAttributesOnOktaOIDCAuth(ctx, api) {
let firstName = ctx.v1.providerInfo.given_name;
let lastName = ctx.v1.providerInfo.family_name;
let email = ctx.v1.providerInfo.email;
let groups = ctx.getClaim('groups');
let nameParts = [firstName, lastName];
let filteredParts = nameParts.filter(part => part);
let displayName = filteredParts.join(' ');
if (firstName != undefined) {
api.setFirstName(firstName);
}
if (lastName != undefined) {
api.setLastName(lastName);
}
if (email != undefined) {
email = email.toLowerCase();
api.setEmail(email);
api.setEmailVerified(true);
api.setPreferredUsername(email);
}
api.v1.user.appendMetadata('fiddler_authentication_type', 'SSO:OKTA:OIDC');
if (groups === null || groups === undefined){
groups = []
}
api.v1.user.appendMetadata('fiddler_groups', groups);
}
Validate the Integration
Enter your Fiddler URL. This is https://example2.dev.fiddler.ai in our example. Your Fiddler URL will vary according to your company name and the Fiddler deployment type.
Ensure you see the Fiddler Sign-on page and that the page displays the SSO Login - Okta OIDC button:
Select the button and confirm that the Fiddler application loads:
Getting Help
For additional assistance:
Review Okta system logs for authentication attempts
Verify network connectivity between Fiddler and Okta
Contact your Fiddler representative with specific error messages
Reference Documentation
For detailed configuration guidance, refer to the official documentation:
Okta OIDC Configuration Guide - Comprehensive setup instructions
General SSO Authentication Guide - Overview of SSO concepts and troubleshooting
Mapping AD Groups to Fiddler Teams - Group synchronization details
Important Notes
Automatic User Provisioning: Users are automatically created on first successful login—no manual invitations required
Data Storage: Fiddler stores only the user's first name, last name, email address, and SAML token from Okta
API Access: For programmatic API access, users must create access tokens from the "Credentials" tab in Fiddler's Settings page
Single Authentication Method: Users can only authenticate via either SSO or email authentication, not both
Next Steps
After successful integration:
Train Users: Provide guidance on accessing Fiddler through Okta SSO
Configure Teams: Set up Fiddler teams to match your organizational structure
Test Group Sync: Verify automatic group synchronization is working as expected
Monitor Usage: Review authentication logs and user access patterns
❓ Questions? Talk to a product expert or request a demo.
💡 Need help? Contact us at [email protected].