Okta SSO is only available on the Pro tier. Learn more about our pricing here.

If your organization is already using Okta for authentication and management, existing Koan users can use it to sign in. SSO configuration requires being an organizational admin. Please reach out to us at support@koan.co for help configuring your Koan instance appropriately. To set up Okta SSO, we'll need to:

  1. gather some information about Okta server

  2. create an Okta OpenID Connect application

  3. assign Okta users to the new application

  4. configure Koan

Here's how it works.

Find your Okta Base URL

Visit the Okta developer docs and locate your API Base URL. We'll need the URL origin (highlighted portion of the URL below)

Optionally, if you're using an Okta Auth Server, you'll also need your Auth Server ID to tell Koan where to send authorization requests

Create an Okta OpenID Connect application

Next, we'll create a new OpenID Connect application to let Koan create and verify authorization requests. From within the Okta dashboard,

  1. Navigate to the "applications" tab

  2. Click "Add Application", then "Create New App"

  3. For Application Integration, choose:
    - Platform: web
    - Sign on method: OpenID Connect

  4. For OpenID Connect Integration, choose:
    - Application name: Koan
    - Login redirect URI: https://myapp.koan.co/callbacks/oauth/okta (replace myapp with your Koan domain)
    - Initiate login URI: https://myapp.koan.co/oauth/redirect/okta/signin (replace myapp with your Koan domain)

  5. Copy your new app's Client ID and Client secret

Assign users to the application

Next, let's assign Okta users to the new application. We'll assign everyone by default, but you may only assign the users or teams that are actively using Koan if you wish.

  1. Click "Applications" in the Okta menu and choose the new "Koan" application

  2. In "Assignments", click the "Assign" dropdown and choose "Assign to Group"

  3. Locate "Everyone" and click "Assign"

Configure Koan

  1. Browse to https://myapp.koan.co/org/configure/integrations/okta, replacing myapp with the name of the Koan organization you administer

  2. Enter the Origin, Auth Server ID, Client ID, and Client secret from Okta

  3. Click "Save Configuration"

That's it! Members of your organization can now sign in to Koan with Okta.

Did this answer your question?