# Okta SSO Configuration

Configure Okta as your single sign-on provider so workspace members can sign in to AirOps with their Okta credentials. This guide covers creating an OIDC web application in Okta, copying the issuer and client credentials, and adding those values to AirOps.

{% hint style="info" %}
AirOps Okta SSO uses OAuth 2.0/OIDC. In Okta, create a web application that uses the Authorization Code flow.
{% endhint %}

## How to Configure

### Create the Okta app integration

1. In Okta, go to **Applications**.
2. Click **Create App Integration**.
3. Select **OIDC - OpenID Connect** as the sign-in method.
4. Select **Web Application** as the application type.
5. Click **Next**.

<figure><img src="/files/8y15YRTwAo7Ww7lnc1PU" alt="Create an Okta OIDC app integration for AirOps"><figcaption><p>Create an OIDC app integration in Okta.</p></figcaption></figure>

<figure><img src="/files/jieEP45MFLMV9wAbcATe" alt="Select Web Application as the Okta application type"><figcaption><p>Select Web Application for the Okta application type.</p></figcaption></figure>

### Configure the Okta app settings

1. Navigate to the **Single Sign On** tab.
2. Set **App Integration Name** to `AirOps`.
3. Set **Sign-in redirect URIs** to `https://app.airops.com/users/auth/okta/callback`.
4. Set **Sign-out redirect URIs** to `https://app.airops.com`.
5. Set **Base URIs** to `https://app.airops.com`.
6. Choose the Okta assignments for the users or groups that should access AirOps.
7. Click **Save**.

<figure><img src="/files/EjwUfYZxFlWeAHUw9IB9" alt="Configure Okta assignments for the AirOps application"><figcaption><p>Assign the AirOps application to the users or groups that need access.</p></figcaption></figure>

### Copy the issuer URL

1. In Okta, navigate to **Security → API**.
2. Copy the **Issuer URL** for the authorization server that your AirOps app uses.
3. Keep this value available as `issuer_url` for the AirOps configuration fields.

The issuer URL typically looks like `https://your-okta-domain.okta.com/oauth2/default`.

<figure><img src="/files/1AFvVqiSlvK7gVwkSHlV" alt="Copy the issuer URL from Okta Security API settings"><figcaption><p>Copy the issuer URL from the Okta authorization server.</p></figcaption></figure>

### Configure Okta in AirOps

1. Sign in to AirOps at `https://app.airops.com`.
2. Navigate to **Settings → Single Sign On → Configure**.
3. Enter the Okta client credentials and endpoint URLs.
4. Click **Save**.

<figure><img src="/files/CIezvKu4qFYSuwzyAF9N" alt="Open Single Sign On settings in AirOps"><figcaption><p>Open the Single Sign On settings in AirOps.</p></figcaption></figure>

<figure><img src="/files/7SxmNw2zcFjxBPWiuC8u" alt="Enter Okta SSO configuration fields in AirOps"><figcaption><p>Enter the Okta SSO configuration values in AirOps.</p></figcaption></figure>

<figure><img src="/files/WbOxThKhfiYuEjyCGQSF" alt="Save the Okta SSO configuration in AirOps"><figcaption><p>Save the Okta SSO configuration.</p></figcaption></figure>

## Parameters

| Field             | Value                                                                                         |
| ----------------- | --------------------------------------------------------------------------------------------- |
| **Client ID**     | In Okta, navigate to **Applications → Your App** and copy the **Client ID**.                  |
| **Client Secret** | In Okta, navigate to **Applications → Your App** and copy the **Client Secret**.              |
| **Site**          | Your Okta domain, such as `https://dev-123456.okta.com`.                                      |
| **Authorize URL** | `issuer_url/v1/authorize`, such as `https://dev-123456.okta.com/oauth2/default/v1/authorize`. |
| **Token URL**     | `issuer_url/v1/token`, such as `https://dev-123456.okta.com/oauth2/default/v1/token`.         |
| **User Info URL** | `issuer_url/v1/userinfo`, such as `https://dev-123456.okta.com/oauth2/default/v1/userinfo`.   |

## Sign In with Okta

After you save the Okta configuration, sign out of AirOps and go to `https://app.airops.com/users/sign_in`.

Select **Sign In With Okta**, enter your workspace slug, and click **Proceed**. You can find your workspace slug in workspace settings.

<figure><img src="/files/ZWLfiY0YkKeQnobPs7jD" alt="Find the workspace slug in AirOps settings"><figcaption><p>Find your workspace slug in AirOps settings.</p></figcaption></figure>

{% hint style="info" %}
To skip entering the workspace slug manually, use `https://app.airops.com/users/sign_in?okta-workspace-slug=YOUR_WORKSPACE_SLUG`.
{% endhint %}

## Video Walkthrough

{% embed url="<https://www.loom.com/share/40208396fcba439fae71392b26090a0c?sid=4fe81aec-2a8c-401e-90c0-764cd2ed4644>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.airops.com/your-workspace/okta-sso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.