Okta SSO is only available on the Pro tier.
Learn more about our pricing here.
If your organization is already using Okta for authentication and management, existing Koan users can use it to sign in. SSO configuration requires being an organizational admin. Please reach out to us at email@example.com for help configuring your Koan instance appropriately. To set up Okta SSO, we'll need to:
gather some information about Okta server
create an Okta OpenID Connect application
assign Okta users to the new application
Here's how it works.
Create an Okta OpenID Connect application
Next, we'll create a new OpenID Connect application to let Koan create and verify authorization requests. From within the Okta dashboard,
Navigate to the "applications" tab
Click "Add Application", then "Create New App"
For Application Integration, choose:
- Platform: web
- Sign on method: OpenID Connect
For OpenID Connect Integration, choose:
- Application name: Koan
- Login redirect URI: https://myapp.koan.co/callbacks/oauth/okta (replace myapp with your Koan domain)
- Initiate login URI: https://myapp.koan.co/oauth/redirect/okta/signin (replace myapp with your Koan domain)
Copy your new app's Client ID and Client secret
Assign users to the application
Next, let's assign Okta users to the new application. We'll assign everyone by default, but you may only assign the users or teams that are actively using Koan if you wish.
Click "Applications" in the Okta menu and choose the new "Koan" application
In "Assignments", click the "Assign" dropdown and choose "Assign to Group"
Locate "Everyone" and click "Assign"
Find your Okta Base URL (origin)
Copy your Okta Domain (origin) from your General Settings
*Note - When pasting this domain into Koan configuration you will need to add 'https://' to the front of this domain. e.g. https://dev-7313259.okta.com
Optionally, if you're using an Okta Auth Server, you'll also need your Auth Server ID to tell Koan where to send authorization requests
see - https://developer.okta.com/docs/reference/api/oidc/#endpoints for more info.
Browse to https://myapp.koan.co/org/configure/integrations/okta, replacing myapp with the name of the Koan organization you administer
Enter the Origin, Auth Server ID, Client ID, and Client secret from Okta
Click "Save Configuration"
That's it! Members of your organization can now sign in to Koan with Okta.