Applies to:

AWS Wickr and Wickr Enterprise both can be configured to use an SSO system to authenticate. This gives an added layer of security when paired with an appropriate MFA system. This FAQ shows how to add Okta SSO to both an AWS and an Enterprise network.

Warning:  Once SSO is enabled on a network it will
sign active users out of Wickr and force them to
re-authenticate using the SSO provider.

Okta Configuration:

The first step is to create an app integration under Applications:

After choosing OIDC, select the Native Application type:

 The last step is to choose the settings for Wickr and click Save:

Shown above, the Redirect URI for AWS Wickr is:

https://messaging-pro-prod.wickr.com/deeplink/oidc.php

The Redirect URI for Wickr Enterprise is:

https://<App Server IP/DNS>/deeplink/oidc.php

and the following Grant Types allowed:

• Authorization Code
• Refresh Token
• Implicit (Hybrid)

Next, Okta will supply a Client ID. We'll add this value to the Wickr side!

Wickr doesn't use Client Secrets with Okta.

Wickr SSO Setup:

The first step is to navigate to the SSO Configuration page in Network Settings:

The following is needed to add SSO with Okta:

• SSO Issuer - This is the URL of your Okta instance.
• SSO Client ID - This was provided when setting up Okta under Client Credentials
• Company ID - This can be any text value and must be unique. This text is what your users will enter when registering on new devices.

All that's left is to click Test and Save at the top of the page.