API DocsSubmit a Support Request

Login options (SSO)

Federating identity for Limio app users with Okta (OIDC)

Limio supports identity federation for app users, allowing you to authenticate internal users (e.g. marketers, administrators, customer support agents) into the Limio Commerce Platform using your existing identity provider (IdP), such as Okta.

Note that this is distinct from your customers or end-users logging in Limio Commerce Shop and Self-Service. Go to if that is the use case.

Identity federation is a mechanism that links Limio’s internal authentication system to your enterprise Identity Provider. This allows your internal users to securely log in without needing to create separate Limio credentials. Authentication is managed through your IdP, providing a secure, seamless experience that aligns with your existing IT policies and SSO strategy.

Limio supports all major Identity Providers that use OAuth 2.0 and OpenID Connect (OIDC), including Okta, Auth0, Microsoft Entra ID (formerly Azure AD), AWS Cognito, and more.llows Limio to verify user identity and retrieve basic user information (such as name and email).

In this guide, we’ll walk you through how to configure Okta as your IdP for internal Limio user authentication using OAuth and OIDC protocols.

Step 1: Create a new app integration in Okta

  1. Sign in to the Okta Developer Console.

  2. Go to Applications > Applications.

  3. Click Create App Integration.

  4. Choose the following:

    • Sign-in method: OIDC - OpenID Connect

    • Application type: Web Application

  5. Click Next.

Step 2: Configure your Okta app

On the New Web App Integration screen:

Setting
Value

App name

Limio App (or any name you recognise)

Grant type

Ensure Authorization Code is selected

Sign-in redirect URIs

https://your-cognito-domain.auth.region.amazoncognito.com/oauth2/idpresponse Example: https://your-app-limio.auth.eu-central-1.amazoncognito.com/oauth2/idpresponse

Login redirect URIs

Same as above

Controlled access

Choose how you want to assign access (e.g. groups or individuals)

Click Save to complete setup.

Step 3: Share credentials with Limio

After the app is created, go to the General or Sign On tab and collect the following:

  • Client ID – Generated by Okta

  • Client Secret – Generated by Okta

  • Issuer URL – Found under OpenID Connect ID Token (e.g. https://yourdomain.okta.com/oauth2/default)

Please share these three values securely with Limio by raising a case within this help desk.

Step 4: Testing the authentication

Limio will confirm once configuration is complete and share with your a login URL. The login URL will typically look like:

https://your-cognito-domain.auth.region.amazoncognito.com/login?client_id=XXXX&response_type=code&scope=email+openid+phone&redirect_uri=https%3A%2F%2Fyour-cloudfront-url

Upon visiting this URL, users will be redirected to Okta to authenticate, then returned to Limio.

Example values

Field
Example

Redirect URI

https://your-app-limio.auth.eu-central-1.amazoncognito.com/oauth2/idpresponse

Login URL

https://your-app-limio.auth.eu-central-1.amazoncognito.com/login?...

Issuer URL

https://yourcompany.okta.com/oauth2/default

Notes

  • Ensure your redirect URIs exactly match those configured in Okta.

  • Scopes should include at minimum: openid email profile.

  • Assign users or groups to the Okta app integration to enable access.

PreviousSecurityNextCORS Configuration

Last updated

Was this helpful?