Organization Owner access is required in PlayerZero to configure SSO. Okta Administrator access is required in Okta to create the app registration and adjust settings.
Overview
This guide walks you through creating an Okta app registration and wiring it to PlayerZero. We use the OIDC Authorization Code flow with PKCE. PlayerZero only requests standard OIDC claims.Prerequisites
- A PlayerZero organization where you are an Owner
- Admin access to Okta Portal for your tenant
- PlayerZero redirect URL:
https://playerzero.ai/api/auth/sso
Step 1 — Create the App Registration in Okta:
- Select Sign-in method
OIDC - OpenID Connect: - Select Application Type as Web registration:
Step 2 — App Settings
On the New Web App Integration Screen:- Toggle Core Grants:
Authorization CodeRefresh Token
- Set redirect URL:
https://playerzero.ai/api/auth/sso - Remove Sign-out redirect URL
- Toggle
Limit Access to selected groupsand select your PlayerZero (or equivalent) group. - Under the newly created App
Generalsettings tab, toggle onRequire PKCE as additional verification
Step 3 — Configure PlayerZero
- In PlayerZero, open Settings → SSO Configuration → Add SSO Configuration.
- Fill in:
Fetch SSO config from well-known endpointwith yourIssuer URLand append/.well-known/openid-configuration.- Issuer URL can be found under the Security dropdown —> API
- Click Fetch from Well-Known
- Verify your organization’s domain and other autofilled settings.
- Enter your
Client IDandClient Secret Value. - Add the
openid profile email offline_accessscopes. - Toggle on
Use PKCE (Proof Key for Code Exchange).
Step 4 — Test the Connection
- In PlayerZero SSO Configuration, click Test Connection.
- Complete the Okta sign-in in the popup.
- On success, click Save Configuration.
Next Steps — Rollout & User Impact
Once SSO is saved and enabled, PlayerZero will invalidate existing sessions:- All users will be logged out of PlayerZero.
- When users log back in through SSO, they will be able to access all previous work. No data will be lost in the transition.