Set Up Okta Single Sign-On (OIDC) for SparkToro
SparkToro supports Single Sign-On using OpenID Connect (OIDC) with Okta. Once configured, your team signs in to SparkToro with their Okta credentials, and new users are provisioned automatically on first sign-in up to your account's seat limit.
Supported Features
This integration supports the following Okta features:
- SP-Initiated SSO: users start at SparkToro's sign-in page (
https://sparktoro.com/account/login/sso) and authenticate with Okta. - IdP-Initiated SSO: users launch SparkToro directly from their Okta end-user dashboard.
- Just-In-Time (JIT) Provisioning: new users are created in SparkToro automatically on their first successful sign-in, up to the account's seat limit.
Prerequisites
- A SparkToro account on an Agency plan with Single Sign-On included.
- Okta administrator access.
- You are the owner of the SparkToro account. Single Sign-On is configured by the account owner.
Step 1: Add SparkToro from the Okta catalog
- In the Okta Admin Console, go to Applications > Applications.
- Click Browse App Catalog.
- Search for SparkToro and select it.
- Click Add Integration, then Done.
Okta creates an OIDC application for SparkToro with the sign-in redirect URI already configured.
Step 2: Get your client credentials from Okta
- Open the SparkToro application in Okta.
- On the General tab, under Client Credentials, copy the Client ID and Client Secret.
- Note your Okta Issuer URL, which is your Okta org URL, for example
https://your-org.okta.com.
Step 3: Enter the credentials in SparkToro
- In SparkToro, go to Account > Settings > Single Sign-On.
- Enter your Okta Issuer URL, Client ID, and Client Secret.
- Click Test Connection. SparkToro validates your Okta issuer's discovery document.
- Click Save and Enable SSO.
After you enable SSO, SparkToro enforces it for users on your verified email domain. The account owner keeps password access as a fallback so you are never locked out of billing.
Step 4: Assign users in Okta
On the Assignments tab of the SparkToro application, assign the people or groups who should have access. Only assigned users can sign in.
Signing in
- SP-initiated: users go to
https://sparktoro.com/account/login/sso, enter their work email, and authenticate with Okta. - IdP-initiated: users click the SparkToro tile on their Okta end-user dashboard.
Either way, new users are provisioned automatically on first sign-in (just-in-time), up to your account's seat limit.
Reference
- Sign-in redirect URI:
https://sparktoro.com/account/okta/callback. The catalog integration sets this automatically. - Scopes:
openid,email,profile.
Support
If you have questions or need to enforce SSO across more than one email domain, email support@sparktoro.com.