> ## Documentation Index
> Fetch the complete documentation index at: https://docs.maia.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta and OpenID Connect

<Note>
  This document covers step two of the [Single sign-on (SSO) setup](/docs/administration/single-sign-on) process, and shouldn't be completed independently.
</Note>

1. Log in to [Okta](https://www.okta.com/), and click **Applications** in the left menu, then select **Applications** again from the expanded menu.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-01.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=9794656d92affbc20ab52dede121c0ee" alt="Okta Applications" width="1430" height="882" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-01.png" />

2. Click the **Create App Integration** button at the top.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-02.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=0797d3e70697c7e5c269b089e90a0b3c" alt="Create App Integration" width="1072" height="868" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-02.png" />

3. Select the **OIDC - OpenID Connect** radio button as the sign-in method.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-03.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=f5e5a59e101503dc261cc31939a8f7a6" alt="Select OIDC method" width="1382" height="660" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-03.png" />

4. Select the **Web Application** radio button, and click **Next**.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-04.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=b6f9092a91963e64c043d0892330a5b8" alt="Select Web Application" width="1384" height="732" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-04.png" />

5. Enter a name for the application, such as `{maia}`.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-05.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=6b0facae091d40fed0975a7d3f4ce79d" alt="Application name" width="1430" height="760" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-05.png" />

   <Note>
     There are optional steps at the end of this document if you wish to add an icon for users. The icon for the application itself must always be hidden, as using it will attempt an IdP Initiated connection, which we do not allow for security reasons.
   </Note>

6. Enter `https://id.matillion.com/login/callback` in the **Sign-in redirect URIs** field.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-06.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=c15cb9fe9d555993d2a2338270a0e250" alt="Sign-in redirect URIs" width="1430" height="780" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-06.png" />

7. Scroll to the bottom, assign access to the users or groups you want to be able to use the application, and click **Next**.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-07.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=4d0a42b2848e36db06fc10a8af5c5b41" alt="Assign access" width="1372" height="596" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-07.png" />

8. Click the button to copy the **Client ID**, and make a note of it for later.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-08.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=b64a9c2ec38af5e73397980b9fef04db" alt="Copy Client ID" width="1342" height="748" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-08.png" />

9. Click the button to copy the **Secret**, and make a note of it for later.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-09.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=7ef9602f7ea1a3b2817d47f911a3c898" alt="Copy Secret" width="1336" height="732" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-09.png" />

   <Note>
     Contact us to arrange for the secret to be rotated before the existing one expires to avoid minimal interruption to your users.
   </Note>

10. Determine your [OpenID Connect Well-Known URL](https://support.okta.com/help/s/article/how-to-find-the-okta-well-known-url?language=en_US), which is usually `https://<OKTA_DOMAIN>/.well-known/openid-configuration`, and make a note of it for later.

11. Continue the steps in [Single sign-on (SSO) setup](/docs/administration/single-sign-on).

***

## Configure an Okta application icon (optional)

Follow these steps to add an application icon so users can access {maia} from their Okta dashboard. If you don't require an application icon, skip this section, and continue with [Single sign-on (SSO) setup](/docs/administration/single-sign-on).

1. Click **Applications**.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-10.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=e5cf1d3acaa56df87ac6baaff9e12417" alt="Applications menu" width="1430" height="882" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-10.png" />

2. Click **Browse App Catalog**.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-11.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=fa06d360c3c2896495cbb0d0ee324398" alt="Browse App Catalog" width="1276" height="690" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-11.png" />

3. Enter **bookmark** in the search field, and click **Bookmark App**.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-12.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=0162de8dacf5d3a5c818b4bafaddcff6" alt="Bookmark App" width="1430" height="882" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-12.png" />

4. Click **Add Integration**.

   <img src="https://mintcdn.com/matillion/0bH-WuwTaSy4zifJ/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-13.png?fit=max&auto=format&n=0bH-WuwTaSy4zifJ&q=85&s=93297740c1de94fc0dcbffd75b630fd2" alt="Add Integration" width="1276" height="542" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-13.png" />

5. Enter an **Application label** and the URL `https://app.matillion.com`.

   <img src="https://mintcdn.com/matillion/WwJsFdmYh_q5l5m6/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-14.png?fit=max&auto=format&n=WwJsFdmYh_q5l5m6&q=85&s=2ca7056b78de5a3ea6891177b6174e0f" alt="Application label and URL" width="1430" height="882" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-14.png" />

6. Select the bookmark from the list of applications, which will be shown with a star icon.

   <img src="https://mintcdn.com/matillion/WwJsFdmYh_q5l5m6/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-15.png?fit=max&auto=format&n=WwJsFdmYh_q5l5m6&q=85&s=ad079524090a5d08c8f0453e3a9e1353" alt="Select bookmark" width="1014" height="424" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-15.png" />

7. Click on the icon.

   <img src="https://mintcdn.com/matillion/WwJsFdmYh_q5l5m6/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-16.png?fit=max&auto=format&n=WwJsFdmYh_q5l5m6&q=85&s=7d0fe665797d1ac2890218ca2d7fb561" alt="Click icon" width="988" height="792" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-16.png" />

8. Upload an icon for the application, such as [matillion.png](https://matillion-docs.s3.eu-west-1.amazonaws.com/Attachments/sso-docs/matillion.png).

   <img src="https://mintcdn.com/matillion/WwJsFdmYh_q5l5m6/images/hub/okta-and-open-id-connect/okta-and-open-id-connect-17.png?fit=max&auto=format&n=WwJsFdmYh_q5l5m6&q=85&s=08388e39704d96769fa0ea9f7039cbe2" alt="Upload icon" width="1154" height="844" data-path="images/hub/okta-and-open-id-connect/okta-and-open-id-connect-17.png" />

9. Continue the steps in [Single sign-on (SSO) setup](/docs/administration/single-sign-on).
