Securely share links to ClickUp public views via OpenID Connect (OIDC).

What you'll need

• A Workspace owner or admin will need to configure OpenID Connect for your Workspace.
• An Okta admin account.
• Public views authentication is only available on Enterprise Plans.

Copy your callback URL

During the configuration in the Okta App Integration Wizard, you'll need to paste your callback URL. To copy your callback URL from CickUp:

1. Activate public views authentication in ClickUp.
2. To the right of the Callback URL field, click Copy.
   
3. Your callback URL should follow this format based on your ClickUp configuration: https://app.clickup.com/data/v3/workspaces/{workspaceId}/oidc/callback.

Register a new application in Okta

To register a new application in Okta:

1. Log in to your organization's Okta Admin Dashboard.
2. Select the Applications tab.

3. Select Applications.

   

4. Click Create App Integration.
5. For the Sign-in method, select OIDC - OpenID Connect.
6. For the application type, select Web Application.
7. Click Next.

Configure application settings

To configure application settings in Okta:

1. In the App Integration Wizard's General Settings section, configure these fields:
   • App integration name: Enter a descriptive name. For example, ClickUp OIDC integration.
   • App logo: Optional. Upload a logo.
2. In the Logout section, configure these fields:
   • Sign-in redirect URIs: Paste the value from the Callback URL field in ClickUp. This is where Okta sends OAuth responses.
   • Sign-out redirect URIs: Optional. Enter the redirect URL if needed for your application. This is where Okta redirects the browser after signing out from the relying party and ending its session.
3. In the Assignments section, these Controlled access options let you choose who can access this application:
   • Allow everyone in your organization to access: The default option.
   • Limit access to selected groups: Enter the names of the groups that can access the app.
   • Skip group assignment for now: Create the app without assigning any groups.
4. Click Save.

Configure OIDC settings

To configure OIDC settings in Okta:

1. On the Application Details page, open the General tab in the Client Credentials section.
2. Copy the Discover Document URL. The Discovery URL for Okta follows this format: https://your-org.okta.com/.well-known/openid-configuration. Replace your-org with your Okta organization subdomain. The Discovery URL will populate these fields in ClickUp:
   • Issuer: issuer
   • Authorization Endpoint: authorization_endpoint
   • Token Endpoint: token_endpoint
   • UserInfo Endpoint: userinfo_endpoint
   • JWKS URI: jwks_uri
3. Copy the Client ID value. For example: 0oa2xyz123abc456def
4. Copy the Client Secret value.

Ensure that you store the Client Secret securely. It won't be shown in plain text again.

Configure additional settings

These settings are optional:

• Token Lifetime Settings: In the General tab, scroll down to General Settings. Adjust Refresh Token and Access Token lifetimes if needed.
• Allowed Grant Types: If you're configuring this field, ensure Authorization Code is enabled, as it's required for the OIDC workflow. 

Test your configuration

These configurations will be processed by your ClikUp OIDC service automatically to derive all other necessary endpoints and settings. 

To test your configuration:

1. Use the discovery URL in a browser to verify that it returns a valid JSON configuration.

   • For example: 

     { 
         "clientId": "0oa2xyz123abc456def",
         "clientSecret": "very-long-secret-string-here",
         "discoveryUrl": "https://your-org.okta.com/.well-known/openid-configuration"
     }

2. Test the OIDC flow using your application.
3. Verify that the callback URL is accessible and properly configured.