Okta SSO is only available on the Pro tier. Learn more about our pricing here.

If your organization is already using Okta for authentication and management, existing Koan users can use it to sign in. SSO configuration requires being an organizational admin. Please reach out to us at support@koan.co for help configuring your Koan instance appropriately. To set up Okta SSO, we'll need to:

  1. gather some information about your Okta server

  2. create an Okta OpenID Connect application

  3. assign Okta users to the new application

  4. configure Koan

Here's how it works.

Create an Okta OpenID Connect application

Next, we'll create a new OpenID Connect application to let Koan create and verify authorization requests. From within the Okta dashboard,

  1. Navigate to the "applications" tab

  2. Click "Add Application", then "Create New App"

  3. For Application Integration, choose:
    - Platform: web
    - Sign on method: OpenID Connect

  4. For OpenID Connect Integration, choose:
    - Application name: Koan
    - Login redirect URI: https://myapp.koan.co/callbacks/oauth/okta (replace myapp with your Koan domain)
    - Initiate login URI: https://myapp.koan.co/oauth/redirect/okta/signin (replace myapp with your Koan domain)

  5. Copy your new app's Client ID and Client secret

Assign users to the application

Next, let's assign Okta users to the new application. We'll assign everyone by default, but if you wish you can instead assign only the users or teams that are actively using Koan.

  1. Click "Applications" in the Okta menu and choose the new "Koan" application

  2. In "Assignments", click the "Assign" dropdown and choose "Assign to Group"

  3. Locate "Everyone" and click "Assign"

Find your Okta Base URL (origin)

Copy your Okta Domain (origin) from your General Settings.

Note: When pasting this domain into the Koan configuration, you will need to add 'https://' to the front of it, e.g. https://dev-7313259.okta.com

Optionally, if you're using an Okta Auth Server, you'll also need your Auth Server ID to tell Koan where to send authorization requests.

See https://developer.okta.com/docs/reference/api/oidc/#endpoints for more info.
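Before pasting these values into Koan, they can be sanity-checked offline. The following is an added example, not Koan's or Okta's own code: the function names are hypothetical, the alphanumeric check on the Auth Server ID is an assumption, and the endpoint paths follow the Okta OIDC reference linked above.

```python
import re
from urllib.parse import urlsplit

def normalize_origin(okta_domain: str) -> str:
    """Turn the Okta Domain from General Settings into an https origin."""
    value = okta_domain.strip()
    if "://" not in value:
        value = "https://" + value  # the note above: prefix https://
    parts = urlsplit(value)
    if parts.scheme != "https":
        raise ValueError("origin must use https")
    if "@" in parts.netloc or not parts.hostname:
        raise ValueError("origin must be a bare host name")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("origin must not include a path or query")
    # A first label ending in -admin is the admin console URL, not the org URL.
    if parts.hostname.split(".")[0].endswith("-admin"):
        raise ValueError("use the org domain, not the -admin console domain")
    return "https://" + parts.netloc.lower()

def oidc_endpoints(origin: str, auth_server_id: str = "") -> dict:
    """Derive the endpoints implied by an origin and optional Auth Server ID."""
    if auth_server_id and not re.fullmatch(r"[A-Za-z0-9]+", auth_server_id):
        # Assumption: IDs are alphanumeric; anything else could alter the path.
        raise ValueError("unexpected characters in Auth Server ID")
    # Org authorization server: issuer is the origin itself.
    # Custom authorization server: issuer is {origin}/oauth2/{id}.
    issuer = f"{origin}/oauth2/{auth_server_id}" if auth_server_id else origin
    base = issuer if auth_server_id else f"{origin}/oauth2"
    return {
        "issuer": issuer,
        "discovery": f"{issuer}/.well-known/openid-configuration",
        "authorize": f"{base}/v1/authorize",
        "token": f"{base}/v1/token",
    }

def koan_uris(koan_subdomain: str) -> dict:
    """The two URIs registered in the Okta app, for a given Koan domain."""
    base = f"https://{koan_subdomain}.koan.co"
    return {
        "login_redirect": f"{base}/callbacks/oauth/okta",
        "initiate_login": f"{base}/oauth/redirect/okta/signin",
    }

if __name__ == "__main__":
    origin = normalize_origin("dev-7313259.okta.com")  # sample from the note
    print(oidc_endpoints(origin, "default"))
    print(koan_uris("myapp"))
```

The issuer printed here is the value Koan's tokens should be checked against, so a mismatch between it and what your Okta server's discovery document reports means the origin or Auth Server ID was copied incorrectly.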

Configure Koan

  1. Browse to https://myapp.koan.co/org/configure/integrations/okta, replacing myapp with the name of the Koan organization you administer

  2. Enter the Origin, Auth Server ID, Client ID, and Client secret from Okta

  3. Click "Save Configuration"

That's it! Members of your organization can now sign in to Koan with Okta.
