This guide will walk you through the process of integrating Single Sign-On (SSO) with Toolio using OpenID Connect (OIDC). This will allow you to securely connect your identity provider (such as Okta or Microsoft Entra ID) with Toolio, enabling your users to authenticate seamlessly with their existing credentials. You will find specific details and steps for:
Generic SSO via OIDC
Parameters Needed to Create an SSO via OIDC App
Auth URL, eg: https://{tenant}.toolio.com/api/openid/authorize
Logout URL, eg: https://{tenant}.toolio.com/api/auth/logout
Callback URL, eg: https://{tenant}.toolio.com/api/openid/callback
If you don’t know your tenant name please reach out to your CSM.
Parameters Needed By Toolio
Client ID
Random generated alphanumeric from SSO app
Client Secret
Random generated alphanumeric from SSO app
Configuration URL, eg: https://oauth.id.jumpcloud.com/.well-known/openid-configuration
This URL usually ends with “.well-known/openid-configuration”
Providing SSO Information to Toolio
Upload client id, client secret and configuration url to:
OKTA Setup
Please follow the steps below if you are using OKTA SSO
Navigate to Admin Console
Navigate to Application and Click Create App Integration
Select OIDC and Web Application
Fill out the required field as shown and hit save
Click Edit in General Settings
Navigate to Login Section and Change Initiate Login URI
Providing SSO Information to Toolio
Upload the below fields to https://toolio.sendsafely.com/dropzone/integrations
clientId
clientSecret
configurationUrl e.g. https://<okta_tenant>.okta.com/.well-known/openid-configuration?client_id=<clientId>
Toolio User Role Groups
Please ensure that user role groups are created in your OKTA integration and assigned to users. Toolio will use them in the authorization step.
Default Groups:
Toolio Admin
Toolio Editor
Toolio Reader
Please see here for additional details from Okta: https://help.okta.com/en-us/content/topics/users-groups-profiles/usgp-groups-create.htm
Assign Groups to Integration
To allow users to access Toolio after adding groups, assign the groups to the integration for use by following the steps in this video:
Microsoft Entra ID Setup
Access the Azure Portal
Open your web browser and navigate to Azure Portal.
Go to Microsoft Entra Id
In the left sidebar, click on "Azure Active Directory" (formerly Microsoft Entra ID).
Select App Registrations
From the left menu, select "App registrations."
Create a New Registration
Click on the "New registration" button at the top of the page.
Configure Application Details
Name: Enter a name for your application (e.g., "MyApp").
Redirect URI:
Platform: Select "Web" from the dropdown.
Value: Enter
https://<tenant>.toolio.com/api/openid/callback
Register the Application
Click the "Register" button at the bottom of the form.
You will be redirected to the application overview page.
Providing SSO Information to Toolio
Note Application (Client) ID
On the overview page, find the "Application (client) ID." Copy this value and share it using the secure link we provided.
Create Client Secret
On the application page, look for "Certificates & secrets" in the left sidebar.
Click on "New client secret."
Description: Provide a description for your secret (e.g., "MyApp Secret").
Click "Add."
Once created, the "Value" for your client secret will be displayed. Copy this value and share it using the secure link we provided
Access Endpoints
In the left sidebar, click on "Overview."
From the top menu, click on "Endpoints."
Locate the "OpenID Connect metadata document" URL. Copy this link and share it using the secure link we provided.
Secure Link
Upload Application (client) ID, Client Secret Value and configuration url to