How do you configure authentication via Okta?

Lee Chickering
Lee Chickering
  • Updated
For authentication via Okta, create a new App Integration in your Okta instance and configure it in the following way:
  • Use "OIDC - OpenID Connect" authentication with the application type "Web Application"
  • For Grant type, choose "Client acting on behalf of a user" via an "Authorization Code"
  • Set the Sign-in redirect URL to
  • Set the Sign-out redirect URL to
  • Make sure that all desired members of the organization are assigned to the app in Okta
  • Configure the authentication provider in Ketryx using Okta's client ID, client secret, and issuer URL, as in the example below
In the advanced setting Authentication providers, set the following (based on a CLIENT_ID and CLIENT_SECRET retrieved from Okta, and an appropriate ORGNAME in the Okta URL):
"okta": {
"clientId": "CLIENT_ID",
"clientSecret": "CLIENT_SECRET",
"issuer": "",
"allowDangerousEmailAccountLinking": true
The flag allowDangerousEmailAccountLinking can be set to allow users to authenticate via Okta even after they have created an account by logging in via email. This is secure as long as you trust your Okta instance to verify and report accurate email addresses.
Okta can also be configured to allow users to initiate a login to Ketryx directly from an Okta dashboard. Please contact Ketryx Support for assistance.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request



Article is closed for comments.