---
title: "How do you configure authentication via Okta?"
description: "For authentication via Okta, create a new App Integration in your Okta instance and configure it in the following way: Use \"OIDC - OpenID Connect\" authentication with the application type \"Web Application\" For Grant type, choose \"Client acting on behalf of a user\" via an \"Authorization Code\" Set…"
category: "Frequently Asked Questions"
section: "General"
keywords: ["okta", "url", "authentication", "configure", "application", "sign", "client", "app"]
source_url: "https://support.ketryx.com/hc/en-us/articles/21758815519501-How-do-you-configure-authentication-via-Okta"
last_reviewed: 2026-06-11
---

# How do you configure authentication via Okta?

> **In short:** For authentication via Okta, create a new App Integration in your Okta instance and configure it in the following way: Use "OIDC - OpenID Connect" authentication with the application type "Web Application" For Grant type, choose "Client acting on behalf of a user" via an "Authorization Code" Set…

For authentication via Okta, create a new _App Integration_ in your Okta instance and configure it in the following way:

- Use "OIDC - OpenID Connect" authentication with the application type "Web Application"

- For _Grant type_, choose "Client acting on behalf of a user" via an "Authorization Code"

- Set the _Sign-in redirect URL_ to `https://app.ketryx.com/api/auth/callback/okta`

- Set the _Sign-out redirect URL_ to `https://app.ketryx.com`

- Make sure that all desired members of the organization are assigned to the app in Okta

- Configure the authentication provider in Ketryx using Okta's client ID, client secret, and issuer URL, as in the example below

In the advanced setting [Authentication providers](https://docs.ketryx.com/Nfv9ttHxYK0eaVZFq3wl/reference/advanced-settings#authentication-configuration), set the following (based on a `CLIENT_ID` and `CLIENT_SECRET` retrieved from Okta, and an appropriate `ORGNAME` in the Okta URL):

```
{
"okta": {
"clientId": "CLIENT_ID",
"clientSecret": "CLIENT_SECRET",
"issuer": "https://ORGNAME.okta.com",
"allowDangerousEmailAccountLinking": true
}
}
```

The flag `allowDangerousEmailAccountLinking` can be set to allow users to authenticate via Okta even after they have created an account by logging in via email. This is secure as long as you trust your Okta instance to verify and report accurate email addresses.

Okta can also be configured to allow users to initiate a login to Ketryx directly from an Okta dashboard. Please note, this is the responsibility of the Okta admin. They should be able to perform this step.

Please [contact Ketryx Support](https://www.ketryx.com/contact-us) for any additional questions.

## Related articles

- [How can an organization define custom authentication methods based on company domain?](how-can-an-organization-define-custom-authentication-methods-based-on-company.md)
- [Which authentication methods does Ketryx support? What SSO methods are available?](which-authentication-methods-does-ketryx-support-what-sso-methods-are-available.md)
- [Why can't I see my approvals or traceability widget in Jira?](why-can-t-i-see-my-approvals-or-traceability-widget-in-jira.md)
- [Why are my Xray Test steps not showing up or updating in the Ketryx UI?](why-are-my-xray-test-steps-not-showing-up-or-updating-in-the-ketryx-ui.md)
- [Do users get email notifications when an assigned item or training document needs approval?](do-users-get-email-notifications-when-an-assigned-item-or-training-document.md)
