# Okta

## Okta configuration

In Okta, you have to create a new Web application with `OIDC - OpenID Connect` Sign-in method:

<div align="left"><img src="/files/7Vjg9RVH6fubyELzDFzr" alt="" width="820"></div>

In the next step you have to configure callback URI, which should look like this: `http://<your-application-url>/oauth`

<div align="left"><img src="/files/FzF4JwVEQMgFDehHZ8iN" alt="" width="820"></div>

Before saving configuration you have to configure application assignments.

<div align="left"><img src="/files/lcsj1tvnSduVIvOjLGVH" alt="" width="820"></div>

In the last step if you should configure groups claim filter to get user groups with access token. You can use any of the compare methods, `Equals`, `Matches regex`, etc. which will match your requirements and Okta groups configuration.

<div align="left"><img src="/files/KUQuVRyuiiPtaWDdIoDN" alt="" width="820"></div>

## Kouncil configuration

In Kouncil you can configure Okta SSO by adding below snippet to your configuration file. You have to replace `your-client-id`, `your-client-secret`, `your-application-url` and `your-domain-id`

```yaml
kouncil:
  auth:
    active-provider: sso
    sso:
      supported:
        providers: okta
spring:
  security:
    oauth2:
      client:
        registration:
          okta:
            client-id: <your-client-id>
            client-secret: <your-client-secret>
            redirect-uri: http://<your-application-url>/oauth
            scope: openid,profile,email,groups
        provider:
          okta:
            authorization-uri: https://<your-domain-id>/oauth2/v1/authorize
            token-uri: https://<your-domain-id>/oauth2/v1/token
            user-info-uri: https://<your-domain-id>/oauth2/v1/userinfo
            jwk-set-uri: https://<your-domain-id>/oauth2/v1/keys 
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.kouncil.io/getting-started/configuration/authentication/sso/okta.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.