Okta SSO integration

Creating an app integration in Okta

Before doing the Hex side configuration, you must have an Okta app integration configured in Okta. This should be created with OIDC as the sign-in method and Web Application as the application type.

After naming your integration and optionally providing a logo, you should use the default general settings.

For users on app.hex.tech:

• Sign-In Redirect URI should be in the format https://app.hex.tech/auth/<YOUR-ORG-NAME>/sso
• Sign-Out Redirect URI should be in the format https://app.hex.tech/<YOUR-ORG-NAME>

For single-tenant dedicated installs:

• Sign-In Redirect URI should be in the format https://<YOUR-HEX-DOMAIN-NAME>/auth/global/sso
• Sign-Out Redirect URI should be in the format https://<YOUR-HEX-DOMAIN-NAME>

Configuring Hex to integrate with Okta

Navigate to the Security section of your Settings panel and fill in the SSO Configuration section with the appropriate details.

• Issuer should be in the format https://<YOUR-OKTA-ACCOUNT>.okta.com/.well-known/openid-configuration
• Client ID and Client Secret can be found in the Client Credentials section of your Okta app integration page

Toggle the Enable SSO switch on to allow users to sign on with SSO.

Toggle the Enforce SSO switch to require users to sign on with SSO.

tip

Verify that SSO sign in works as expected before enabling the Enforce SSO option

Confirm that Okta integration works as expected by logging out of Hex and logging in using the newly available Log in with SSO option.