It looks like you're using Google Chrome - try our powerful extension! Find out more. Add to Chrome
x
Help Center Getting StartedOther IntegrationsOkta SSO with Groups

Setting up Okta Groups Mapping with ChargeDesk

ChargeDesk supports integrating with Okta as an OpenID Connect provider. This enables Single Sign On (SSO) for your team, allowing them to sign in to ChargeDesk using their Okta account.

If you want to map Okta groups to specific ChargeDesk roles (e.g., "Okta-Admins" → Admin, "Okta-Agents" → Agent), enable group mapping for more granular control. This requires creating an App Integration in Okta.

This guide will help you configure Okta to work with groups mapping in ChargeDesk, allowing you to sync Okta groups with ChargeDesk roles.

Step 1: Create a New App Integration

  1. Log into your Okta Admin Console
  2. Navigate to Applications > Applications
  3. Click Create App Integration
  4. Select OIDC - OpenID Connect as the Sign-in method
  5. Select Web Application as the Application type
  6. Click Next

Step 2: Configure App Settings

  1. Enter ChargeDesk as the App integration name
  2. Under Grant type, select both:
    • Client Credentials
    • Authorization Code
  3. For Sign-in redirect URIs, enter: 
    https://chargedesk.com/sso/redirect
  4. For Sign-out redirect URIs, enter: 
    https://chargedesk.com/sso/sign-out
  5. Under Controlled access, choose one of:
    • Allow everyone in your organization to access - for full organization access
    • Limit access to selected groups - to restrict access to specific groups
  6. Click Save

Step 3: Configure Groups Claim

  1. After creating the app, go to the Sign On tab
  2. Click Edit next to OpenID Connect ID Token
  3. Find the Groups claim filter section
  4. Configure the following:
    • Claim name: groups
    • Match type: Select Matches regex
    • Value: .* (this will include all groups)
  5. Click Save

Step 4: Complete Setup in ChargeDesk

  1. Copy your Client ID and Client Secret from the Okta app's General tab
  2. In ChargeDesk, navigate to your SSO settings
  3. Enter the Okta configuration details including the Client ID and Client Secret
  4. Select Map SSO Groups to ChargeDesk Roles next to Access Levels

Note: Users will be automatically assigned to ChargeDesk teams based on their Okta group membership. Make sure your Okta groups are properly configured before enabling this feature.

Best Practices for App Assignments

Assign users via groups for dynamic access - direct individual assignments may skip groups in tokens.

  1. In Applications > ChargeDesk > Assignments tab.
  2. Remove individual user assignments (keep groups).
  3. Assign groups (e.g., "ChargeDesk-Admins") to the app users in them inherit access.
  4. Verify: Groups should show >0 Applications in Directory > Groups.

Please Sign In

Help, I've forgotten my password!
Sign up using Stripe
Sign up using PayPal
Sign up using Zendesk
or
Sign in to an existing account