For Single Sign-On (SSO) to function properly, a user with a matching email address must already exist within
directus_users. If you would like to manage users externally then you would use our SCIM endpoints.
Table of Contents
We support google SSO with both Google+ (soon to be discontinued) and OpenID Connect.
Follow Google instructions on how to register an app and get the
If you want to use Google+ API, Read these steps on how to enable/disable Google+ APIs
- Sign Up: First create a Developer Okta account at https://developer.okta.com/signup/
- Get Email: Once you've created an account, a temporary password will be emailed to you.
- Log In: Activate your account by logging in with this temporary password and setting a new password.
- Create App: Create a new Okta web application by choosing Applications in the main menu and then clicking on "Add Application".
- Choose Web: Pick Web, click Next.
- Login Redirect: Make sure that Login Redirect URIs is set to
[your-directus-host]/[project-name]/auth/sso/okta/callback. For example
- Get Keys: Click on the newly created application and go to General > Client Credentials and you will see the
Client IDand the
Client Secret. Use these values for the Okta
client_secretin your API project configuration, eg:
- Base URL: The
base_urlcan be found under API in the main menu. You will see a list of Authorization Servers to pick from. The URL is under the column labeled
Okta is also capable of externally managing your Directus users, allowing for more unified user provisioning within your organization. This is accomplished by using our API's dedicated SCIM endpoints.