Okta SSO integration
Creating an app integration in Okta
Before doing the Hex side configuration, you must have an Okta app integration configured in Okta. This should be created with OIDC as the sign-in method and Web Application as the application type.
After naming your integration and optionally providing a logo, you should use the default general settings.
For users on app.hex.tech:
- Sign-In Redirect URI should be in the format
https://app.hex.tech/auth/<YOUR-ORG-NAME>/sso
- Sign-Out Redirect URI should be in the format
https://app.hex.tech/<YOUR-ORG-NAME>
For single-tenant dedicated installs:
- Sign-In Redirect URI should be in the format
https://<YOUR-HEX-DOMAIN-NAME>/auth/global/sso
- Sign-Out Redirect URI should be in the format
https://<YOUR-HEX-DOMAIN-NAME>
Configuring Hex to integrate with Okta
Navigate to the Security section of your Settings panel and fill in the SSO Configuration
section with the appropriate details.
- Issuer should be in the format
https://<YOUR-OKTA-ACCOUNT>.okta.com/.well-known/openid-configuration
- Client ID and Client Secret can be found in the
Client Credentials
section of your Okta app integration page
Toggle the Enable SSO switch on to allow users to sign on with SSO.
Toggle the Enforce SSO switch to require users to sign on with SSO.
Verify that SSO sign in works as expected before enabling the Enforce SSO option
Confirm that Okta integration works as expected by logging out of Hex and logging in using the newly available Log in with SSO option.