Configure Okta OIDC for Time Doctor

Prerequisites

• Active Okta account with access to OIDC and Authorization Servers.
• Active Time Doctor company account with Owner/Admin access.

Add the Time Doctor Application in Okta

1. Log in to the Okta Admin Console (ensure Classic UI, not Developer Console).
   
   
   
   
2. Go to Applications → Browse App Catalog.
3. Search for Time Doctor and select the Time Doctor app (OIDC).
   
   
   
   
4. Click Add Integration.
5. Complete the General Settings and click Done.
   
   
   
   

Assign the Time Doctor App to Users or Groups

1. Open the newly added Time Doctor application.
2. Go to Assignments.
3. Assign the app to Everyone for broad access, or to specific groups/users.
4. Confirm the assignment under Filters → Groups (e.g., “Everyone” should appear).
   
   
   
   

Define OIDC Scopes on the Authorization Server

1. Navigate to Security → API → Authorization Servers.
2. Select the server used for Time Doctor (commonly default) and copy the Issuer URI.
   
   
   
   
   
   
   
   
3. Go to Scopes and confirm the following scopes exist and are enabled:
   • openid
   • profile
   • email
   • address
   • phone
     
     
     
     

Obtain Okta Credentials

1. In Applications → Time Doctor → Sign On, copy the Client ID and Client Secret.
2. In Security → API → Authorization Servers, copy the Issuer URI of the selected server.
   
   
   
   

Add Okta as an SSO Provider in Time Doctor

1. Log in to Time Doctor.
2. Go to Settings / Company Settings.
3. Scroll to Single Sign On (SSO).
4. Click Add Provider and select Okta.
5. Paste the Client ID, Client Secret, and Issuer URI.
6. Click Save.
   
   
   
   

Optional: Configure Allowed Domains

• Add one or more domains to the Allowed Domains field to enable auto-join.
• Users with matching email addresses can self-join the company in Time Doctor without being manually invited.
• If no domains are added, users must be invited manually.
  
  

Completion