Okta IDP

The Okta IDP integration configures Incode as the authenticator and Identity Provider (IdP) for your Okta organization. This is distinct from the Okta IDV Standard integration, which uses Okta's built-in IDV Standard. The IDP path gives you broader control over how Incode is wired into Okta: as an OIDC-based authenticator, as a full SSO provider, or both.

This integration is commonly used when you want Incode biometric verification to function as an MFA factor within Okta authentication and enrollment policies, rather than as a separate identity verification step triggered by Okta's IDV Standard.

Prerequisites

Before you begin, ensure you have:

  • Access to the Integrations page in the Incode Dashboard. Contact your Incode Representative if you do not see the Integrations page.
  • An Okta Identity Engine (OIE) instance
  • An Okta administrator account with permissions to add and modify Identity Providers, Authenticators, and Authentication Policies

How It Works

The IDP integration uses an OIDC Identity Provider configured in Okta, backed by Incode. When a user is required to authenticate with the Incode factor, Okta redirects them to an Incode verification session via the OIDC flow. After the session completes, Incode returns a signed token to Okta to confirm the result.

Once the OIDC IdP is set up, you create an Okta Authenticator that wraps it, then reference that authenticator in your Enrollment and Authentication Policies to control when and for which users Incode verification is required.

Okta Environment Compatibility

Okta offers two environments with slightly different configuration paths. Use the guide appropriate to your environment:

If you are unsure which environment your organization uses, check your Okta Admin Console. OIE instances show “Identity Engine” in the footer.

Additional Configuration

After completing the authenticator setup, you may also want to configure:

  • Configure Incode as an SSO Provider: Set up Incode to act as the SSO provider for Okta-connected applications, enabling biometric login across your app portfolio.
  • Okta Directory Sync: Sync your Okta user directory with Incode to enable employee lookups and claims matching.