# Okta

## Instruqt SSO Integration with Okta

Set up Single Sign-On (SSO) for `play.instruqt.com` using Okta. Instruqt's native Okta integration utilizes OpenID Connect (OIDC) to securely authenticate users.

### Prerequisites

* An Okta account with administrative privileges to create and manage application integrations.
* An active Instruqt account with SSO configuration enabled.

### Step-by-Step Configuration

Follow these steps within your Okta administrator dashboard to create the necessary application integration and retrieve the required credentials.

#### Step 1: Create a New Okta Application

1. Log in to your Okta account as an administrator.
2. In the Admin Console, navigate to the **Applications** menu and select **Applications**.
3. Click the **Create App Integration** button.

#### Step 2: Choose the Sign-in Method

1. Select **OIDC - OpenID Connect** as the sign-in method.
2. Select **Web Application** as the application type.
3. Click **Next**.

#### Step 3: Configure General Settings

1. Give the application a descriptive name, such as `Instruqt SSO`.
2. Under the **Sign-in redirect URIs** section, add the following URL: `https://sso.play.instruqt.com/login/callback`
3. Ensure the **Assignments** section is configured to grant access to the appropriate users or groups.

#### Step 4: Save and Retrieve Credentials

1. Click **Save**.
2. After the application is created, navigate to the **General** tab of the newly created application.
3. Copy the following parameters:
   * **Client ID:** The unique identifier for your application.
   * **Client secret:** The secret key for your application.
4. Copy the **Domain:** Your Okta domain, which is the URL of your Okta organization. For example, `your-company.okta.com`.

#### Step 5: Finalize Configuration in Instruqt

1. Go to `https://play.instruqt.com/manage/{team-name}/sso`
2. Select the **Okta** option.
3. Use the three parameters you retrieved in Step 4 (**Domain**, **Client ID**, and **Client Secret**) to configure the integration.
4. Click **Save**. Users in your organization will be able to sign in to `play.instruqt.com` using their Okta credentials.