# Okta Integration

Connect Okta as an identity provider so your users can sign in to AccessIQ with their Okta credentials.

## Prerequisites

* An Okta admin account
* An AccessIQ tenant with admin access

## Step 1: Create an App Integration in Okta

1. Sign in to the **Okta Admin Console**.
2. Go to **Applications > Applications** and click **Create App Integration**.
3. Select **OIDC - OpenID Connect** as the sign-in method.
4. Select **Web Application** as the application type.
5. Click **Next**.

## Step 2: Configure the Okta Application

| Field                 | Value                                                       |
| --------------------- | ----------------------------------------------------------- |
| App integration name  | `AccessIQ` (or your preferred name)                         |
| Grant type            | Authorization Code                                          |
| Sign-in redirect URI  | `https://<your-tenant>.accessiq.app/api/auth/callback/okta` |
| Sign-out redirect URI | `https://<your-tenant>.accessiq.app`                        |
| Controlled access     | Assign to the groups or users who need access               |

Click **Save** when finished.

## Step 3: Collect Your Okta Credentials

After saving, Okta displays your application details. Copy the following values:

| Credential        | Where to find it                                                                |
| ----------------- | ------------------------------------------------------------------------------- |
| **Client ID**     | General tab > Client Credentials                                                |
| **Client Secret** | General tab > Client Credentials                                                |
| **Issuer URL**    | `https://<your-okta-domain>.okta.com` (or your custom authorization server URL) |

> **Tip:** Your Issuer URL typically looks like `https://yourcompany.okta.com`. If you use a custom authorization server, it will be `https://yourcompany.okta.com/oauth2/<server-id>`.

## Step 4: Add Okta as a Provider in AccessIQ

1. In AccessIQ, go to **Identity > Providers**.
2. Click **Add Provider** and select **Okta**.
3. Enter the **Client ID**, **Client Secret**, and **Issuer URL** from Step 3.
4. The **Redirect URI** is pre-filled. Copy it if you need to update your Okta app configuration.
5. Click **Save**.

## Step 5: Test the Connection

1. Open your AccessIQ login page in a private browser window.
2. You should see a **Sign in with Okta** button.
3. Click it and verify you can authenticate through Okta and land in your AccessIQ dashboard.

## Troubleshooting

| Issue                       | Solution                                                            |
| --------------------------- | ------------------------------------------------------------------- |
| Redirect URI mismatch error | Verify the redirect URI in Okta matches exactly what AccessIQ shows |
| 401 Unauthorized            | Double-check your Client ID and Client Secret                       |
| User not found after login  | Ensure the user is assigned to the Okta application                 |
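
Two setup mistakes can be caught before Step 5: an Issuer URL that matches neither form from the Step 3 tip, and a redirect URI that is not an exact string match. The pre-flight check below is an added example, not AccessIQ or Okta code. The function names, the `acme` tenant and the `aus-example` server ID are constructed for illustration, and the discovery path is the standard OIDC `/.well-known/openid-configuration`.

```python
from urllib.parse import urlsplit


def check_issuer(issuer):
    """Classify an Issuer URL (org vs. custom server) and derive its discovery URL."""
    u = urlsplit(issuer)
    problems = []
    if u.scheme != "https":
        problems.append("issuer must use https")
    if issuer.endswith("/"):
        problems.append("trailing slash: the ID token 'iss' must equal the issuer exactly")
    if u.query or u.fragment:
        problems.append("issuer must not contain a query or fragment")
    segments = [s for s in u.path.split("/") if s]
    if not segments:
        kind = "org"        # https://<your-okta-domain>.okta.com
    elif len(segments) == 2 and segments[0] == "oauth2":
        kind = "custom"     # https://<your-okta-domain>.okta.com/oauth2/<server-id>
    else:
        kind = "unknown"
        problems.append("path is neither empty nor /oauth2/<server-id>")
    discovery = issuer.rstrip("/") + "/.well-known/openid-configuration"
    return {"kind": kind, "discovery": discovery, "problems": problems}


def diff_redirect_uri(okta_value, accessiq_value):
    """Return the reasons two redirect URIs fail an exact string match."""
    if okta_value == accessiq_value:
        return []
    if okta_value.strip() == accessiq_value.strip():
        return ["leading or trailing whitespace"]
    a, b = urlsplit(okta_value.strip()), urlsplit(accessiq_value.strip())
    reasons = []
    if a.scheme != b.scheme:
        reasons.append("scheme differs")
    if a.netloc != b.netloc:
        same = a.netloc.lower() == b.netloc.lower()
        reasons.append("host differs only by case" if same else "host differs")
    if a.path != b.path:
        same = a.path.rstrip("/") == b.path.rstrip("/")
        reasons.append("path differs only by trailing slash" if same else "path differs")
    if (a.query, a.fragment) != (b.query, b.fragment):
        reasons.append("query or fragment differs")
    return reasons or ["URIs differ"]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    print(check_issuer("https://yourcompany.okta.com/oauth2/aus-example"))
    print(diff_redirect_uri("https://acme.accessiq.app/api/auth/callback/okta/",
                            "https://acme.accessiq.app/api/auth/callback/okta"))
```

Fetching the printed `discovery` URL and comparing its `issuer` field with the value entered in Step 4 confirms the Issuer URL against Okta itself.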

