Okta SSO is only available on the Pro tier.
Learn more about our pricing here.
If your organization is already using Okta for authentication and management, existing Koan users can use it to sign in. SSO configuration requires being an organizational admin. Please reach out to us at firstname.lastname@example.org for help configuring your Koan instance appropriately. To set up Okta SSO, we'll need to:
gather some information about Okta server
create an Okta OpenID Connect application
assign Okta users to the new application
Here's how it works.
Find your Okta Base URL
Visit the Okta developer docs and locate your API Base URL. We'll need the URL origin (highlighted portion of the URL below).
Optionally, if you're using an Okta Auth Server, you'll also need your Auth Server ID to tell Koan where to send authorization requests
Create an Okta OpenID Connect application
Next, we'll create a new OpenID Connect application to let Koan create and verify authorization requests. From within the Okta dashboard,
Navigate to the "applications" tab
Click "Add Application", then "Create New App"
For Application Integration, choose:
- Platform: web
- Sign on method: OpenID Connect
For OpenID Connect Integration, choose:
- Application name: Koan
- Login redirect URI: https://myapp.koan.co/callbacks/oauth/okta (replace myapp with your Koan domain)
- Initiate login URI: https://myapp.koan.co/oauth/redirect/okta/signin (replace myapp with your Koan domain)
Copy your new app's Client ID and Client secret
Assign users to the application
Next, let's assign Okta users to the new application. We'll assign everyone by default, but you may only assign the users or teams that are actively using Koan if you wish.
Click "Applications" in the Okta menu and choose the new "Koan" application
In "Assignments", click the "Assign" dropdown and choose "Assign to Group"
Locate "Everyone" and click "Assign"
Browse to https://myapp.koan.co/org/configure/integrations/okta, replacing myapp with the name of the Koan organization you administer
Enter the Origin, Auth Server ID, Client ID, and Client secret from Okta
Click "Save Configuration"
That's it! Members of your organization can now sign in to Koan with Okta.