Google SSO

Lago integrates with Google Single Sign-On (Google SSO), enabling your team to access Lago using their existing Google credentials. This seamless integration allows team members to log in with their corporate Gmail accounts, eliminating the need for additional usernames and passwords. This streamlines the login process and enhances security by leveraging Google’s authentication infrastructure.

Okta SSO

PREMIUM ADD-ON

This add-on is available on demand only. Please contact us to get access to this premium add-on.

Lago integrates with Okta Single Sign-On (Okta SSO), enabling your team to access Lago using their existing Okta credentials.

Mandatory Okta settings

Configure an Authorization Server

  1. Log in to your Okta Admin Console.
  2. Navigate to Security > API > Authorization Servers.
  3. Create a new server by clicking Add Authorization Server.
  4. Name: Choose a name for the auth server (e.g., Lago)
  5. Audience: Enter the audience value, which is usually your app’s base URL (e.g., https://app.getlago.com or https://eu.getlago.com)
  6. Description: Optional field to describe the auth server

Create scopes

Scopes define the level of access the app is requesting.

  1. In the Authorization Server details, click the Scopes tab.
  2. Add a new scope that your app requires:
  3. Name: user_info
  4. Display name: Access user info
  5. Description: This allows you to use user info to sign-in/sign-up to the app
  6. User consent: Implicit
  7. Default scope: False

Create an application and settings

  1. Go to your Okta Admin Console.
  2. Navigate to Applications > Applications
  3. Create a new application by clicking Create App Integration
  4. Sign-in method: Define the method as OIDC - OpenID Connect & Web Application
  5. Grant type: Check the Refresh token option
  6. Sign-in redirect URLs: Enter the sign-in redirect value, which is usually your app’s base URL followed by the callback path (e.g., https://app.getlago.com/auth/okta/callback or https://eu.getlago.com/auth/okta/callback)
  7. Assignments: Define the assignment option based on your policy

Once created, please ensure the Refresh tokens behaviour is set to Use persistent token.
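
A pre-flight check for the values entered in the three Okta steps above, written as an added example (it is not Lago's or Okta's code). The dictionary keys and the function name are hypothetical, and the check assumes an HTTPS deployment where the audience and the redirect URI point at the same Lago host, as in the page's examples.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/auth/okta/callback"  # path shown in the page's redirect examples

def check_okta_settings(cfg):
    """Return a list of problems in a dict of values copied from the Okta console.
    The dict keys are hypothetical names chosen for this example."""
    problems = []
    aud = urlsplit(cfg["audience"])
    red = urlsplit(cfg["redirect_uri"])
    if aud.scheme != "https" or not aud.hostname:
        problems.append("audience must be an https base URL")
    if aud.path not in ("", "/") or aud.query or aud.fragment:
        problems.append("audience should be the base URL only")
    if red.scheme != "https":
        problems.append("redirect URI must use https")
    if red.path != CALLBACK_PATH:
        problems.append("redirect URI path must be exactly " + CALLBACK_PATH)
    if red.query or red.fragment or "*" in cfg["redirect_uri"]:
        problems.append("redirect URI must be exact: no query, fragment or wildcard")
    # Assumption: audience and redirect URI use the same Lago host (app vs eu).
    if aud.hostname != red.hostname:
        problems.append("audience and redirect URI hosts differ")
    if cfg["scope"] != "user_info":
        problems.append("scope name must be user_info")
    if "refresh_token" not in cfg["grant_types"]:
        problems.append("Refresh token grant type is not checked")
    if cfg["refresh_token_behaviour"] != "persistent":
        problems.append("Refresh tokens behaviour must be 'Use persistent token'")
    return problems

# Constructed sample values, not taken from a real tenant.
GOOD = {
    "audience": "https://app.getlago.com",
    "redirect_uri": "https://app.getlago.com/auth/okta/callback",
    "scope": "user_info",
    "grant_types": ["authorization_code", "refresh_token"],
    "refresh_token_behaviour": "persistent",
}
# Typical slips: wrong scheme, wrong region host, trailing slash, grant left unchecked.
BAD = dict(GOOD,
           redirect_uri="http://eu.getlago.com/auth/okta/callback/",
           grant_types=["authorization_code"])

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_okta_settings(cfg) or "ok")
```
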

Connect Lago to Okta

To connect Lago to Okta, please follow these steps:

  1. Go to your Lago Settings view.
  2. Access the Authentication section.
  3. Domain name: usually your app base URL (e.g., acme.com)
  4. Application client ID: Public identifier for the client that is required for all OAuth flows.
  5. Application client secret: Secret generated by Okta for this application
  6. Okta organization name: Name of your organization (e.g., for a trial account trial-5875810)

Once all of these settings are in place, don’t forget to add users to your Okta account and verify their accounts.

Log in to Lago or join an existing organization

Once this integration is switched on, it allows team members to log in or join an existing organization with their corporate Okta accounts, eliminating the need for additional usernames and passwords. This streamlines the login process and enhances security by leveraging Okta’s authentication infrastructure.

Edit or delete Okta’s connection

Once this integration is switched on, you can edit the connection information or delete it. Please note that once deleted, you won’t be able to access Lago via Okta SSO. Use the Forgot password feature to regain access to your account.