Skip to content
English
  • There are no suggestions because the search field is empty.

Configure Okta OIDC for Time Doctor

 

Note: Okta Single Sign-On (SSO) for Time Doctor is available on the Premium plan and as a paid add-on for Basic and Standard plans. Configuration can be accessed by Owners and Admins.

 

TL;DR: 
  • Add the Time Doctor application in Okta Admin Console.
  • Assign the app to the Everyone group (or specific groups/users).
  • Ensure authorization scopes include openid, profile, email, address, and phone.
  • Copy Client ID, Client Secret, and Issuer URI from Okta.
  • In Time Doctor > Settings > Company Settings > Single Sign On (SSO), click Add Provider, choose Okta, paste credentials, then Save.
  • (Optional) Add Allowed domains to enable self-join for users with matching email domains.

 

Prerequisites

  • Active Okta account with access to OIDC and Authorization Servers.
  • Active Time Doctor company account with Owner/Admin access.
 

Add the Time Doctor Application in Okta

  1. Log in to the Okta Admin Console (ensure Classic UI, not Developer Console).

    Okta_1

  2. Go to ApplicationsBrowse App Catalog.
  3. Search for Time Doctor and select the Time Doctor app (OIDC).

    Okta_2

  4. Click Add Integration.
  5. Complete the General Settings and click Done.

    Okta_3-1

Assign the Time Doctor App to Users or Groups

  1. Open the newly added Time Doctor application.
  2. Go to Assignments.
  3. Assign the app to Everyone for broad access, or to specific groups/users.
  4. Confirm the assignment under Filters → Groups (e.g., “Everyone” should appear).

    Okta_4

Define OIDC Scopes on the Authorization Server

  1. Navigate to SecurityAPIAuthorization Servers.
  2. Select the server used for Time Doctor (commonly default) and copy the Issuer URI.

    Configure Okta OIDC for Time Doctor


    Okta_5-1

  3. Go to Scopes and confirm the following scopes exist and are enabled:
    • openid
    • profile
    • email
    • address
    • phone

      Okta_6

Obtain Okta Credentials

  1. In Applications → Time Doctor → Sign On, copy the Client ID and Client Secret.
  2. In Security → API → Authorization Servers, copy the Issuer URI of the selected server.

    Okta_7

Add Okta as an SSO Provider in Time Doctor

  1. Log in to Time Doctor.
  2. Scroll to Single Sign On (SSO).
  3. Click Add Provider and select Okta.
  4. Paste the Client ID, Client Secret, and Issuer URI.
  5. Click Save.

    enable

Optional: Configure Allowed Domains

  • Add one or more domains to the Allowed Domains field to enable auto-join.
  • Users with matching email addresses can self-join the company in Time Doctor without being manually invited.
  • If no domains are added, users must be invited manually.

    okta credentials

 

Completion

The Okta OIDC integration for Time Doctor is now configured. Users in the assigned groups can log in to Time Doctor via Okta SSO.

 

 


 

 

 

Should there be any inconsistencies or concerns regarding the article, contact support@timedoctor.com for prompt assistance.