diff --git a/build/build.js b/build/build.js
index 883af65..c809326 100755
--- a/build/build.js
+++ b/build/build.js
@@ -414,6 +414,7 @@ function genericOktaConfiguration() {
 config.AUTH_REQUEST.response_type = 'code';
 config.AUTH_REQUEST.scope = '${scope}';
 config.AUTH_REQUEST.redirect_uri = 'https://${domain-name}${callback-path}';
+ config.AUTH_REQUEST.idp = '${idp}';
 config.TOKEN_REQUEST.client_id = '${client-id}';
 config.TOKEN_REQUEST.redirect_uri = 'https://${domain-name}${callback-path}';
diff --git a/infra/terraform/modules/okta_native/parameters.tf b/infra/terraform/modules/okta_native/parameters.tf
index 3f2e9c7..beb7c26 100644
--- a/infra/terraform/modules/okta_native/parameters.tf
+++ b/infra/terraform/modules/okta_native/parameters.tf
@@ -46,3 +46,10 @@ resource "aws_ssm_parameter" "scope" {
 value = var.scope
 tags = var.tags
 }
+
+resource "aws_ssm_parameter" "idp" {
+ name = "/${var.name}/idp"
+ type = "String"
+ value = var.idp
+ tags = var.tags
+}
diff --git a/infra/terraform/modules/okta_native/variables.tf b/infra/terraform/modules/okta_native/variables.tf
index da9e868..82567f7 100644
--- a/infra/terraform/modules/okta_native/variables.tf
+++ b/infra/terraform/modules/okta_native/variables.tf
@@ -64,3 +64,9 @@ variable "kms_key_arn" {
 type = string
 default = null
 }
+
+variable "idp" {
+ description = "Identity provider to use if there's no Okta Session"
+ type = string
+ default = ""
+}
diff --git a/mocha/custom-config.json b/mocha/custom-config.json
index 987c872..d9fd87e 100644
--- a/mocha/custom-config.json
+++ b/mocha/custom-config.json
@@ -3,7 +3,8 @@
 "client_id": "abcdefghijklmnopqrst",
 "response_type": "code",
 "scope": "openid email",
- "redirect_uri": "http://my-website.com/_callback"
+ "redirect_uri": "http://my-website.com/_callback",
+ "idp": "abcdefghijklmnopqrst"
 },
 "TOKEN_REQUEST": {
 "client_id": "0oa1imdxt88mdVZabcdefghijklmnopqrstod0h8",
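Review bot: The added `config.AUTH_REQUEST.idp = '${idp}';` in genericOktaConfiguration is set unconditionally, while the Terraform variable introduced in this same commit defaults to an empty string. If AUTH_REQUEST is serialized into the authorize query string as-is (that code is not visible here), deployments that never set an IdP would send an empty `idp=` parameter on every login redirect. Consider removing the key when the resolved value is empty, for example `if (!config.AUTH_REQUEST.idp) delete config.AUTH_REQUEST.idp;` at the point where the placeholder is substituted. A short comment such as `// idp: IdP to route to when the user has no Okta session; omitted when unset` would also help. The function body starts and ends outside the hunk.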
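Review bot: `value = var.idp` in the new `aws_ssm_parameter.idp` resource receives the variable's default of `""` (see the variables.tf hunk), and SSM Parameter Store rejects empty parameter values as far as I know, so an apply that leaves `idp` unset would likely fail. Either create the parameter only when a value is supplied, with `count = var.idp == "" ? 0 : 1`, and confirm the consumer tolerates a missing `/${var.name}/idp`, or give the variable a non-empty sentinel default that the build step treats as "unset". The variables.tf hunk shares this issue; its description could also state what form the value takes, presumably an Okta IdP ID, so that callers do not pass a display name.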
diff --git a/mocha/generic-config.json b/mocha/generic-config.json
index 20b6e69..2d82fd3 100644
--- a/mocha/generic-config.json
+++ b/mocha/generic-config.json
@@ -2,8 +2,9 @@
 "AUTH_REQUEST": {
 "client_id": "${client-id}",
 "response_type": "code",
- "scope": "openid email",
- "redirect_uri": "https://${domain-name}${callback-path}"
+ "scope": "${scope}",
+ "redirect_uri": "https://${domain-name}${callback-path}",
+ "idp": "${idp}"
 },
 "TOKEN_REQUEST": {
 "client_id": "${client-id}",