The objective of this document is to provide the necessary details to integrate Okta with your Unthread account. Okta integration provides seamless SSO that automatically creates users in your Unthread dashboard when they log in with their Okta credentials. If you have any questions, please reach out to your onboarding representative.

Supported features

  • Service Provider (SP)-Initiated flow
  • Identity Provider (IDP)-Initiated flow
  • Just-In-Time Provisioning
  • Full directory sync

Getting started

  • From the “Applications” tab, click “Create App Integration”.
  • From the provided sign-in method options, choose “OIDC - OpenID Connect”. This will allow you to select an application type. Choose “Web Application” and click Next.
  • On the new page, fill out the application name, for example “Unthread”.
  • For Grant Type, make sure “Authorization Code” is checked.
  • Enter the Sign-in redirect URI. This is based on the subdomain associated with your account. For example, if you access your dashboard through “piedpiper.unthread.io”, enter https://piedpiper.unthread.io/__/auth/handler.
  • Enter the Sign-out redirect URI. This is also based on the subdomain associated with your account. For “piedpiper.unthread.io” this would be https://piedpiper.unthread.io/logout.
  • Leave the Trusted Origins section blank.
  • Under Assignments, you have the option to enable Unthread for everyone in your organization or limit access to certain users. This can also be skipped for now and configured later.
  • Click Save.
  • (Optional) After saving, you will have the ability to enable Identity Provider Initiated (IdP) Login. Click “Edit” in the General Settings section and scroll down to the Login section. Change “Login initiated by” from “App Only” to “Either Okta or App”. Check off the “Application visibility” options you want to enable for your users. Set “Login flow” to “Redirect to app to initiate login (OIDC Compliant)“. The “Initiate login URI” is also based on the subdomain associated with your account. For “piedpiper.unthread.io” this would be https://piedpiper.unthread.io/login/okta-oidc.

Sending the configuration to Unthread

From the application page, navigate to the “General” tab, and send the Client ID and Client secret to your Unthread representative over Slack or via email at [email protected].

Logging in with Okta

There are two ways that your team can log into your Unthread dashboard with Okta:

  • Go to https://<your-subdomain>.unthread.io/ and click Log in with Okta
  • Go to your Okta homepage and select the “Unthread” tile
HRIS & Directory Sync