ToolJet/docs/versioned_docs/version-2.68.0/user-authentication/sso/openid/okta.md

---
id: okta
title: Okta
---

# Okta Single Sign-On

1. Sign in to the [Okta developer console](https://developer.okta.com/).

2. Navigate to the **Applications** section and click **Create App Integration**.
<div style={{textAlign: 'center'}}>
<img className="screenshot-full" src="/img/sso/okta/create-app.png" alt="Okta: SSO" width="700"/>
</div>

3. Select **OIDC - OpenID Connect** as the **Sign-in method** and **Web Application** as the **Application type**. Click on the **Next** button.
<div style={{textAlign: 'center'}}>
<img className="screenshot-full" src="/img/sso/okta/create-app-s1.png" alt="Okta: SSO" width="700"/>
</div>

4. Enter an **App integration name** and set the **Sign-in redirect URIs** to `<YOUR-DOMAIN>/sso/openid`.
  <div style={{textAlign: 'center'}}>
  <img className="screenshot-full" src="/img/sso/okta/create-app-s2.png" alt="Okta: SSO" width="700"/>
  </div>

5. Create the application and configure **Client Credentials** in the UI.
  <div style={{textAlign: 'center'}}>
  <img className="screenshot-full" src="/img/sso/okta/create-app-s4.png" alt="Okta: SSO" width="700"/>
  </div>

6. To display your application on Okta, edit the application and set the following:
   - **Login initiated by**: Either Okta or App
   - Set visibility according to your preference
   - **Login flow**: Redirect to app to initiate login (OIDC Compliant)
  <div style={{textAlign: 'center'}}>
  <img className="screenshot-full" src="/img/sso/okta/create-app-s5.png" alt="Okta: SSO" width="700"/>
  </div>

:::info Change Grant type
To change the Login flow to **Redirect to app to initiate login (OIDC Compliant)**, you must change the **Grant type** in the **Client acting on behalf of a user** section to **Implicit (hybrid)** and enable **Allow Access Token with implicit grant type**.
:::

7. The Okta sign-in button will now appear on your ToolJet login screen.

:::info Find Well Known URL
For more information on finding the Well Known URL, refer to the [Okta Auth Servers documentation](https://developer.okta.com/docs/concepts/auth-servers/#org-authorization-server).
:::
[docs]: v2.68.0-Beta (#10755) * docs: jira * docs: formatting + Client Credentials grant type * docs: connection string pgsql * docs: parameterized queries mysql * docs: parameterized queries in PostgreSQL * docs: update mysql example * docs: TJDB sql editor * docs: add metadata to REST API * docs: add, update postgresql media * docs: add metadata to graphql * docs: update parameterized queries * docs: add parameterized queries for mssql * docs: add SSL Cert to mysql * docs: TJDB SQL restricted commands * docs: update JIRA token location * docs: update delete issue example * docs: update find user by query example * docs: remove session id from get assignable users * docs: use correct image for get issues for board * docs: update create issue example * docs: update delete issue media * docs: update assignable users media * docs: update examples * docs: update key desc * docs: v2.68.0-Beta 2024-09-13 13:53:19 +00:00			`---`
			`id: okta`
			`title: Okta`
			`---`

			`# Okta Single Sign-On`

			`1. Sign in to the [Okta developer console](https://developer.okta.com/).`

			`2. Navigate to the Applications section and click Create App Integration.`
			`<div style={{textAlign: 'center'}}>`
			`<img className="screenshot-full" src="/img/sso/okta/create-app.png" alt="Okta: SSO" width="700"/>`
			`</div>`

			`3. Select OIDC - OpenID Connect as the Sign-in method and Web Application as the Application type. Click on the Next button.`
			`<div style={{textAlign: 'center'}}>`
			`<img className="screenshot-full" src="/img/sso/okta/create-app-s1.png" alt="Okta: SSO" width="700"/>`
			`</div>`

			4. Enter an App integration name and set the Sign-in redirect URIs to `<YOUR-DOMAIN>/sso/openid`.
			`<div style={{textAlign: 'center'}}>`
			`<img className="screenshot-full" src="/img/sso/okta/create-app-s2.png" alt="Okta: SSO" width="700"/>`
			`</div>`

			`5. Create the application and configure Client Credentials in the UI.`
			`<div style={{textAlign: 'center'}}>`
			`<img className="screenshot-full" src="/img/sso/okta/create-app-s4.png" alt="Okta: SSO" width="700"/>`
			`</div>`

			`6. To display your application on Okta, edit the application and set the following:`
			`- Login initiated by: Either Okta or App`
			`- Set visibility according to your preference`
			`- Login flow: Redirect to app to initiate login (OIDC Compliant)`
			`<div style={{textAlign: 'center'}}>`
			`<img className="screenshot-full" src="/img/sso/okta/create-app-s5.png" alt="Okta: SSO" width="700"/>`
			`</div>`

			`:::info Change Grant type`
			`To change the Login flow to Redirect to app to initiate login (OIDC Compliant), you must change the Grant type in the Client acting on behalf of a user section to Implicit (hybrid) and enable Allow Access Token with implicit grant type.`
			`:::`

			`7. The Okta sign-in button will now appear on your ToolJet login screen.`

			`:::info Find Well Known URL`
			`For more information on finding the Well Known URL, refer to the [Okta Auth Servers documentation](https://developer.okta.com/docs/concepts/auth-servers/#org-authorization-server).`
			`:::`