How do you configure authentication via Okta? – Ketryx

Frequently Asked Questions

How do you configure authentication via Okta?

For authentication via Okta, create a new App Integration in your Okta instance and configure it in the following way:

In the advanced setting Authentication providers, set the following (based on a CLIENT_ID and CLIENT_SECRET retrieved from Okta, and an appropriate ORGNAME in the Okta URL):

{
  "okta": {
    "clientId": "CLIENT_ID",
    "clientSecret": "CLIENT_SECRET",
    "issuer": "https://ORGNAME.okta.com",
    "allowDangerousEmailAccountLinking": true
  }
}

The flag allowDangerousEmailAccountLinking can be set to allow users to authenticate via Okta even after they have created an account by logging in via email. This is secure as long as you trust your Okta instance to verify and report accurate email addresses.

Okta can also be configured to allow users to initiate a login to Ketryx directly from an Okta dashboard. Please note, this is the responsibility of the Okta admin. They should be able to perform this step.

Please contact Ketryx Support for any additional questions.