Skip to main content


Styra supports OpenID Connect for Single Sign On (SSO). Configure SSO using the following settings:

  • Under WORKSPACE on the left-hand navigation panel, click <das-id>
  • Click Access Control tab.
  • Click Single Sign-On Providers.
  • Click OpenID Connect tab.

When you click the Add OpenIDConnect Provider to create a new SSO provider, you must provide the following details:

  • Provider name: The name for your identity provider setting, for example: "Corporate Okta". This name will be visible for the users on the login page.
  • Issuer URL: Your identity provider.
  • Client ID: Your identity provider.
  • Client Secret: Your identity provider.
  • Allowed Domains: The allowed authentication domain(s) of your users. For example, If the identity provider supports multiple domains, only users with these domains are allowed to access the service.
  • Scopes: The scopes that will be requested from the identity provider. By default, Styra will request the openid, email, and the profile scopes.

The email scope is REQUIRED if your identity provider does not return an email in any of the returned claims.

  • Invited users only:

    • If enabled, the authenticated user must have a pre-existing account in the service.

    • If disabled, a new user account will be created just-in-time for any authenticated user, as long as the user's domain matches one of the allowed domains, and the identity provider has assigned this user to the Styra application.

  • Enabled: Set it to TRUE.