Set Up Okta Single Sign-On (OIDC) for SparkToro

Last updated 1784073600

Set Up Okta Single Sign-On (OIDC) for SparkToro

SparkToro supports Single Sign-On using OpenID Connect (OIDC) with Okta. Once configured, your team signs in to SparkToro with their Okta credentials, and new users are provisioned automatically on first sign-in up to your account's seat limit.

Supported Features

This integration supports the following Okta features:

  • SP-Initiated SSO: users start at SparkToro's sign-in page (https://sparktoro.com/account/login/sso) and authenticate with Okta.
  • IdP-Initiated SSO: users launch SparkToro directly from their Okta end-user dashboard.
  • Just-In-Time (JIT) Provisioning: new users are created in SparkToro automatically on their first successful sign-in, up to the account's seat limit.

Prerequisites

  • A SparkToro account on an Agency plan with Single Sign-On included.
  • Okta administrator access.
  • You are the owner of the SparkToro account. Single Sign-On is configured by the account owner.

Step 1: Add SparkToro from the Okta catalog

  1. In the Okta Admin Console, go to Applications > Applications.
  2. Click Browse App Catalog.
  3. Search for SparkToro and select it.
  4. Click Add Integration, then Done.

Okta creates an OIDC application for SparkToro with the sign-in redirect URI already configured.

Step 2: Get your client credentials from Okta

  1. Open the SparkToro application in Okta.
  2. On the General tab, under Client Credentials, copy the Client ID and Client Secret.
  3. Note your Okta Issuer URL, which is your Okta org URL, for example https://your-org.okta.com.

Step 3: Enter the credentials in SparkToro

  1. In SparkToro, go to Account > Settings > Single Sign-On.
  2. Enter your Okta Issuer URL, Client ID, and Client Secret.
  3. Click Test Connection. SparkToro validates your Okta issuer's discovery document.
  4. Click Save and Enable SSO.

After you enable SSO, SparkToro enforces it for users on your verified email domain. The account owner keeps password access as a fallback so you are never locked out of billing.

Step 4: Assign users in Okta

On the Assignments tab of the SparkToro application, assign the people or groups who should have access. Only assigned users can sign in.

Signing in

  • SP-initiated: users go to https://sparktoro.com/account/login/sso, enter their work email, and authenticate with Okta.
  • IdP-initiated: users click the SparkToro tile on their Okta end-user dashboard.

Either way, new users are provisioned automatically on first sign-in (just-in-time), up to your account's seat limit.

Reference

  • Sign-in redirect URI: https://sparktoro.com/account/okta/callback. The catalog integration sets this automatically.
  • Scopes: openid, email, profile.

Support

If you have questions or need to enforce SSO across more than one email domain, email support@sparktoro.com.

Was this article helpful?