Note: SSO configuration requires Koan's company edition, and you must be an organizational admin. Please reach out to us at firstname.lastname@example.org for help configuring your Koan instance appropriately.
If your organization is already using Okta for authentication and management, existing Koan users can use it to sign in. To set up Okta SSO, we'll need to:
- gather some information about your Okta server
- create an Okta OpenID Connect application
- assign Okta users to the new application
- configure Koan
Here's how it works.
Find your Okta Base URL
Visit the Okta developer docs and locate your API Base URL. We'll need the URL origin (highlighted portion of the URL below).
Optionally, if you're using an Okta Auth Server, you'll also need your Auth Server ID to tell Koan where to send authorization requests.
Create an Okta OpenID Connect application
Next, we'll create a new OpenID Connect application to let Koan create and verify authorization requests. From within the Okta dashboard:
- Navigate to the "applications" tab
- Click "Add Application", then "Create New App"
- For Application Integration, choose:
  - Platform: web
  - Sign on method: OpenID Connect
- For OpenID Connect Integration, choose:
  - Application name: Koan
  - Login redirect URI: https://myapp.koan.co/callbacks/oauth/okta (replace myapp with your Koan domain)
  - Initiate login URI: https://myapp.koan.co/oauth/redirect/okta/signin (replace myapp with your Koan domain)
- Copy your new app's Client ID and Client secret
Assign users to the application
Next, let's assign Okta users to the new application. We'll assign everyone by default, but if you wish, you may assign only the users or teams that are actively using Koan.
- Click "Applications" in the Okta menu and choose the new "Koan" application
- In "Assignments", click the "Assign" dropdown and choose "Assign to Group"
- Locate "Everyone" and click "Assign"
Configure Koan
- Browse to https://myapp.koan.co/org/configure/integrations/okta, replacing myapp with the name of the Koan organization you administer
- Enter the Origin, Auth Server ID, Client ID, and Client secret from Okta
- Click "Save Configuration"
That's it! Members of your organization can now sign in to Koan with Okta.
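To check the values before saving, the sketch below (an added example, not Koan's or Okta's own code) reduces a pasted API Base URL to its origin, derives the issuer and OpenID Connect discovery URL that follow from the Origin and optional Auth Server ID, and builds the two URIs registered in Okta. The function names, the sample tenant `dev-123456.okta.com`, the Auth Server ID `default` and the allowed ID characters are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit


def okta_origin(api_base_url):
    """Reduce a pasted Okta API Base URL to the origin (scheme + host)."""
    parts = urlsplit(api_base_url.strip())
    if parts.scheme != "https":
        raise ValueError("Okta origin must use https")
    if parts.username or parts.password:
        raise ValueError("URL must not embed credentials")
    if not parts.hostname:
        raise ValueError("URL has no host")
    port = f":{parts.port}" if parts.port and parts.port != 443 else ""
    return f"https://{parts.hostname}{port}"  # path, query and fragment dropped


def okta_endpoints(origin, auth_server_id=None):
    """Issuer and OIDC discovery URL for the org server or a custom Auth Server."""
    issuer = origin
    if auth_server_id:
        # Assumed character set for an Auth Server ID; rejects path tricks.
        if not re.fullmatch(r"[A-Za-z0-9_-]+", auth_server_id):
            raise ValueError("Auth Server ID has unexpected characters")
        issuer = f"{origin}/oauth2/{auth_server_id}"
    return {"issuer": issuer,
            "discovery": f"{issuer}/.well-known/openid-configuration"}


def koan_uris(koan_domain):
    """The two URIs to register in Okta, following the patterns on this page."""
    if not re.fullmatch(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?", koan_domain):
        raise ValueError("Koan domain must be a single DNS label")
    base = f"https://{koan_domain}.koan.co"
    return {"login_redirect": f"{base}/callbacks/oauth/okta",
            "initiate_login": f"{base}/oauth/redirect/okta/signin"}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    origin = okta_origin("https://dev-123456.okta.com/api/v1/users")
    print(origin)
    print(okta_endpoints(origin, "default"))
    print(koan_uris("myapp"))
```

Opening the printed discovery URL in a browser should return a JSON document whose `issuer` field matches the derived issuer; a mismatch points to a wrong Origin or Auth Server ID.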