About OpenID Connect (OIDC) with Persona
Persona now supports acting as an OpenID Connect (OIDC) Identity Provider (IdP) authenticator.
This allows Identity and Access Management (IAM) solutions, such as Okta, to call Persona for identity verification as part of authentication flows (e.g. application sign-on policies).
For example, your Okta administrator could require identity verification before an employee can access sensitive applications (such as those containing production or financial data).
Note: This differs from Persona’s existing Okta integration as an IDV identity provider, which is exclusively triggered through Okta’s account management policy (OAMP).
Okta Configuration Guide
Follow the steps below to configure Persona OIDC as an Identity Provider in Okta.
1. Add Persona OIDC as an Identity Provider
In the Okta Admin Dashboard, navigate to:
Security → Identity Providers → + Add Identity Provider
Select OpenID Connect, scroll down, and click Next. Fill in the following details and save.

General Settings
- Name: Persona OIDC (use a distinct name from "Persona IDV")
- IdP Usage: Factor only
- Scopes: No changes
Client Details
- Client ID: Provided by Persona
- Authentication Type: Client secret
- Client Secret: Provided by Persona
- Authorize Requests: No changes
- PKCE: No changes
Endpoints
Use the values below or copy from:
https://authenticate.withpersona.com/authenticate/oidc/.well-known/openid-configuration
Authentication Settings
- No setting changes
JIT Settings
- No setting changes
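For the Endpoints step above, a discovery document can be sanity-checked before its values are copied into Okta. The following is an added example, not Persona's or Okta's code: it checks a parsed discovery document against the discovery URL on this page using the OpenID Connect Discovery 1.0 issuer rule. The sample documents and their endpoint paths are constructed placeholders, and the same-host check is this example's own review policy rather than a spec requirement.

```python
import json
from urllib.parse import urlsplit

# Discovery URL given in the Endpoints step of this guide.
DISCOVERY_URL = ("https://authenticate.withpersona.com/authenticate/oidc"
                 "/.well-known/openid-configuration")
SUFFIX = "/.well-known/openid-configuration"
# OpenID Connect Discovery 1.0 metadata keys; userinfo_endpoint is optional there.
REQUIRED = ("authorization_endpoint", "token_endpoint", "jwks_uri")
OPTIONAL = ("userinfo_endpoint",)

def check_discovery(doc, discovery_url=DISCOVERY_URL):
    """Return (endpoints, problems) for a parsed discovery document."""
    problems = []
    if not discovery_url.endswith(SUFFIX):
        return {}, ["discovery URL does not end in " + SUFFIX]
    # Discovery 1.0: issuer must equal the fetch URL minus the well-known suffix.
    expected = discovery_url[: -len(SUFFIX)]
    if doc.get("issuer") != expected:
        problems.append(f"issuer {doc.get('issuer')!r} != {expected!r}")
    host = urlsplit(discovery_url).hostname
    endpoints = {"issuer": doc.get("issuer")}
    for key in REQUIRED + OPTIONAL:
        value = doc.get(key)
        if not isinstance(value, str):
            if key in REQUIRED:
                problems.append(f"missing {key}")
            continue
        parts = urlsplit(value)
        if parts.scheme != "https":
            problems.append(f"{key} is not https")
        # Not a spec rule: this example flags any host other than the discovery
        # host so that it is reviewed before the value is pasted into Okta.
        if parts.hostname != host:
            problems.append(f"{key} host {parts.hostname!r} != {host!r}")
        endpoints[key] = value
    return endpoints, problems

# CONSTRUCTED samples: the paths are placeholders, not Persona's real values.
ISSUER = DISCOVERY_URL[: -len(SUFFIX)]
GOOD_DOC = {"issuer": ISSUER, "authorization_endpoint": ISSUER + "/example-authorize",
            "token_endpoint": ISSUER + "/example-token", "jwks_uri": ISSUER + "/example-jwks"}
BAD_DOC = dict(GOOD_DOC, issuer=ISSUER + "/", token_endpoint="http://idp.example.net/token")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        endpoints, problems = check_discovery(doc)
        print(name, json.dumps(endpoints, indent=2), problems or "OK")
```

To check the live document, save the response from the discovery URL to a file and pass `json.load()` of that file to `check_discovery`.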
2. Add the IdP as an Authenticator
Navigate to:
Security → Authenticators → Add Authenticator → IdP Authenticator
Select the newly created Persona OIDC.
3. Update Authentication Policies
Navigate to:
Security → Authentication Policies
Create a new policy or edit an existing one.
To preserve administrator access in case Persona OIDC is unavailable, ensure at least one admin or group is excluded from this policy.
For testing, the Okta Dashboard policy can be useful.
Steps:
- Edit the Catch-all Rule or create a new rule
- Under Authentication Methods, select:
Allow specific authentication methods → Persona IdP
4. Configure Persona Marketplace Integration for Employee Data
Context
To match IDV results to Okta profiles, Persona requires API access to your Okta tenant. OIDC only passes the username (typically email), so Persona must retrieve additional attributes such as first and last name.
Steps
- Follow the Help Center guide: https://help.withpersona.com/articles/2MTecveKOnadYlNqOY4BFr/
- Add your Okta credentials in the Persona Dashboard
- Notify your Persona account team so they can finalize setup and enable profile comparison