Custodia currently provides SSO integrations for Google, Microsoft, and OpenID Connect (OIDC) identity providers like Okta. If you would like other SSO options please contact your Custodia representative at support@custodia.ai.
- Navigate to https://my.custodia.ai from your browser (Chrome is recommended).
- Enter your corporate email address.
- Click on the Sign in with Google button.
- Authenticate with Google and then you will be able to use the Custodia interface.
Mobile Application
- Open the Custodia app on your iOS or Android device. Enter your corporate email address.
- Click on the Sign in with Google button.
- Authenticate with Google and then you will be able to use the Custodia interface.
Okta Single Sign-On
Supported Features
- Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the application from Custodia’s web or mobile apps.
Requirements
In order to proceed with configuring login with SSO through Okta, you must:
- Have access to an Okta tenant
- Be an Okta administrator to that tenant
Configuration Steps
Step 1 - Coordinate with Custodia Support
- Reach out to support@custodia.ai to begin the process. They will provide you with your Custodia Tenant ID.
Step 2 - Add the Custodia App to Okta
- Log in to your organization’s Okta tenant and navigate to the admin console.
- Navigate to Applications → Applications and click Create App Integration
- Sign-in method: OIDC - OpenID Connect
- Application type: Web Application → Select “Next”
- App integration name: Custodia (you can use the name of your choice)
- Enter your Custodia Tenant ID as provided earlier by Custodia support.
- Grant type: Authorization Code, Refresh Token
- Sign-in redirect URIs: https://my.custodia.ai/auth/openid/callback/{{TenantId}} Be sure to remove any other characters in the URI fields
- Login initiated by: App Only
- Assignments: Any people or groups you'd like to test with that have previously been configured on Custodia's side. (at minimum, your user)
- Click Save
- Note the Client ID and Client secret values.
- Note: These values allow Custodia to communicate with Okta. The Client ID is a public identifier for the client that is required for all OAuth/OIDC flows. The Client secret is a private identifier which you should not share or broadly distribute.
- Note the link to OpenID Provider Metadata below the setup instructions button.
Step 3 - Complete the configuration with Custodia Support
- Provide the Okta Client ID, Client secret, and OpenID Provider Metadata link to Custodia support.
- They will complete the configuration on the Custodia side.
Step 4 - Confirm SSO Functionality
- Open Custodia web or mobile application and enter your email address.
- Click the Sign in with OpenID button.
- Sign in to your Okta tenant and you will be redirected back to your Custodia dashboard.