Set up OKTA Single Sign-On (SSO) for WaiverForever
This guide explains how to configure OKTA Single Sign-On (SSO) for your WaiverForever account. Once enabled, your team members can securely log in using their OKTA credentials.
Prerequisites
- OKTA administrator access
- WaiverForever Scale plan with SSO enabled
- Owner or Administrator role in WaiverForever
Part 1: Configure the OKTA Application
Step 1: Create a New App Integration
- Log in to the OKTA Admin Console
- Go to Applications → Applications
- Click Create App Integration
Step 2: Select the Application Type
- Choose OIDC – OpenID Connect
- Select SPA (Single Page Application)
- Click Next
Step 3: Configure Application Settings
General Settings
- App integration name: WaiverForever
- Logo: Optional
Grant Type with: Authorization Code + Implicit (Hybrid)
- Authorization Code (recommended)
Sign-in Redirect URIs
https://app.waiverforever.com/page/signin-callback
Assignments
- Choose Allow everyone in your organization or assign specific users / groups as needed
Step 4: Save and Record Configuration
After saving the application, note the following values (required in Part 2):
- Client ID (from Client Credentials)
- OKTA Domain, for example:
https://your-company.okta.com
Part 2: Configure SSO in WaiverForever
- Log in to WaiverForever as an Owner or Administrator
- Go to Account Settings → General
- Scroll to Single Sign-On (SSO)
- Enter:
  - Identity Provider: OKTA
  - OKTA Domain
  - Client ID
- Enable SSO and save changes
Troubleshooting
❌ “IdP not found”
Possible causes
- Organization name mismatch
- SSO is disabled
- SSO configuration was removed
How to fix
- Verify the Organization Name in WaiverForever
- Ensure SSO is Enabled
- Confirm the SSO login URL matches exactly
❌ “Identity Provider URL not found”
Possible causes
- Incorrect OKTA domain
- -admin suffix included
How to fix
- Use:
https://your-company.okta.com
- Do NOT use:
https://your-company-admin.okta.com
❌ “Missing email in IdP response”
Possible causes
- Email claim not included in OKTA token
How to fix
- In OKTA, open the WaiverForever app
- Go to Sign On → ID Token
- Ensure email is included in token claims
- Save and test again
❌ User cannot see the OKTA login page
Possible causes
- User not assigned to the app
How to fix
- Go to Applications → WaiverForever
- Open Assignments
- Assign the user or their group
❌ Redirect URI mismatch
How to fix
- Confirm the redirect URI in OKTA matches exactly:
https://app.waiverforever.com/page/signin-callback
- Save and retry login
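Three of the errors above (Identity Provider URL not found, Missing email in IdP response, Redirect URI mismatch) can be checked before SSO is enabled. The Python below is an added example, not WaiverForever or OKTA code: the function names are hypothetical, the sample token is constructed and unsigned, and the token payload is decoded for inspection only, with no signature verification.

```python
import base64
import json
from urllib.parse import urlsplit

# Redirect URI from this guide; the comparison in OKTA is exact.
EXPECTED_REDIRECT_URI = "https://app.waiverforever.com/page/signin-callback"


def check_okta_domain(domain):
    """Problems with the OKTA Domain value entered in WaiverForever."""
    parts = urlsplit(domain.strip())
    host = (parts.hostname or "").lower()
    problems = []
    if parts.scheme != "https" or not host:
        problems.append("expected https://<org>.okta.com")
    # Assumption: a first label ending in -admin is the Admin Console host.
    if host.split(".")[0].endswith("-admin"):
        problems.append("remove the -admin suffix")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("use the bare domain, no path or query")
    return problems


def check_redirect_uri(configured):
    """Exact string match: a trailing slash or case change is a mismatch."""
    if configured == EXPECTED_REDIRECT_URI:
        return []
    return [f"{configured!r} does not match {EXPECTED_REDIRECT_URI!r}"]


def id_token_claims(id_token):
    """Decode a JWT payload for inspection only; no signature is verified."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_email_claim(id_token):
    """The 'Missing email in IdP response' case: no usable email claim."""
    email = id_token_claims(id_token).get("email")
    ok = isinstance(email, str) and "@" in email
    return [] if ok else ["ID token has no email claim"]


def make_sample_token(claims):
    """Constructed, unsigned token used only as sample input."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"
```

Each check returns an empty list when the value is acceptable; for example, check_okta_domain("https://your-company-admin.okta.com") returns the -admin problem.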