home

Security Service Edge

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Security Service Edge

Configure Okta Application

Create Web Application Integration in Okta

Because the sign-in redirect URI for an Okta web app integration is region-specific, contact Lookout Customer Support to find out the correct URI to enter. Enter that URI as instructed in these steps.

  1. Sign into the Okta application.
  2. Click the icon at the upper left to display the Okta navigation menu on the left side of the screen.

  3. From the navigation menu, select Applications > Applications.

  4. Click Create App Integration.

  5. From the Create a new app integration page, select:
    • OIDC - OpenID Connect as the sign-in method

    • Web Application as the Application type.

  6. Click Next.
  7. From the New Web App Integration page, enter or select the following information.

    • App integration name - Enter a name for the integration.
    • Logo (optional) - Upload your company logo.
    • Grant type -
    • Leave the Client acting on behalf of itself box unchecked.
    • Under Client acting on behalf of a server, check Refresh Token.
    • Sign-in redirect URIs - Enter the URI provided by Lookout Customer Support. (The URI shown is an example.)
    • Sign-out redirect URIs - Leave this field empty.
    • Controlled access - Select Allow everyone in your organization to access.
    • Enable immediate access - Check Enable immediate access with Federation Broker Mode.
  8. Click Save.

    Okta displays the Client Credentials for the app integration you are creating and generates a Client ID, which is a public identifier for the client. This identifier is required for all Oauth flows.

    You will need the client ID when you add the Okta instance in the Lookout Management Console. To copy the client ID to your clipboard, click the Clipboard icon to the right.

    The Client Secret option is selected by default. The Client Secrets section shows the last client secret that Okta generated and the date it was created. For new app integrations, the date will be the date on which you created the integration. The characters in the secret are masked by dots. To view the secret, click the eye icon to the right.

    You will need the client secret when you add the Okta instance in the Lookout Management Console. To copy the client secret to your clipboard, click the Clipboard icon to the right.

  9. Select the API Scopes tab.
  10. Grant access to the following four scopes:
    • okta.users.read
    • okta.domains.read
    • okta.groups.read
    • okta.roles.read

Last updated: September 30, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.