> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/server/knowledge-base/how-to-articles/configure-okta-authenticator.md).

# Configure Okta authenticator

Follow the steps below to configure Okta as an authenticator for Devolutions Server.

### Prerequisite

* A subscription to Okta.
* A Web Application using OIDC configured on Okta.
* An API token configured in Okta.

### Terms

In this topic we will assume that your instance of Devolutions Server is configured in HTTPS, that the web application is Devolutions Server and that it is therefore served under the URL <https://www.contoso.com/devolutions-server>.

### Configuration of an application in okta

![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB4069.png)

1. Log into your Okta administration account.
2. Go to ***Applications*** in the ***Applications*** submenu and click on the ***Create App Integration*** button.

   ![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB4105.png)
3. In the ***Sign-in method*** section select ***OIDC - OpenID Connect***.
4. In the ***Application type*** section select ***Single-Page Application***.
5. Click ***Next*** to continue.

   ![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB4106.png)
6. In the ***New Single-Page App Integration*** page presenting the configuration of the new application:

   1. First, name the application in the ***App integration name*** field to find it in your application list in Okta.
   2. Under ***Grant type***, enable the ***Authorization Code*** and ***Refresh Token*** options.
   3. Add the URI in the ***Sign-in redirect URIs*** section. In our example we added <https://www.contoso.com/dvls/api/external-provider-response>
   4. You could leave the ***Sign-out redirect URIs*** and the ***Trusted Origins*** sections empty. The Devolutions Server does not log your user out of the application scope and the Okta login form is not hosted on Devolutions Server therefore they are not necessary.
   5. In the ***Assignments*** section, we recommend that you select ***Allow everyone in your organization to access*** and then check ***Enable immediate access with Federation Broker Mode*** This will save you from having to assign each user to the application manually.
   6. Click ***Save***.

   ![](https://cdnweb.devolutions.net/docs/INTERFACE2054.png)

### Configuration of an API Key in okta

1. In the left side menu go to ***Security*** – ***API***.
2. In the ***Tokens*** tab click on the ***Create token*** button.

   ![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB4216.png)
3. Name the token to find it in your list then click ***Create token***.

   ![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB4195.png)
4. Once created, copy the ***Token Value*** in a safe place.

{% hint style="warning" %}
If you do not copy the ***Token Value*** , you will not be able to find it afterward. You will have to create a new one.
{% endhint %}

{% hint style="info" %}
The token inherits the rights of the user who creates it. This is important because your user must be able to list groups and users. Okta recommends the creation of a ***Service user*** for the creation of Api tokens. You can read more on the subject on Okta's website from [Create an API token](https://developer.okta.com/docs/guides/create-an-api-token/main/).
{% endhint %}

![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB4143.png)

### Configuration of the authentication and the synchronization of users and groups in okta

Once the application and API token are created, you can configure the Devolutions Server web interface.

1. Log into the Devolutions Server instance with an administrator account.
2. Go to the ***Administration*** – ***Server settings*** – ***Authentication***.
3. Check ***Authentication with Okta user***.
4. In the ***Configuration*** section, click ***Okta Authentication***.

   ![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB4229.png)
5. **Optional**: You can input an information in the ***Display name*** field. This will be replacing the word ***Okta*** in the login page.
6. In the ***Authentication configuration*** section, enter your Okta ***Domain.***

To find your ***Domain*** go to your Okta account. In the top right corner of the screen, click on your user menu. Your domain should be visible.

![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB4141.png)

7. In the same section of Devolutions Server, fill the ***Client ID*** field with the ***Client ID*** of your application.

   ![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB4129.png)
8. In the ***Synchronize users and groups*** section fill in the ***API token*** saved earlier.
9. Finally, if you wish, you can activate the ***Automatic user creation*** This will prevent the administrator from having to import the ***Users*** manually to Devolutions Server before they can connect with Okta. You can also select a ***User group*** In this case only the ***Users*** of this group will be able to benefit from the automatic creation.
10. Click the ***Save*** button.

You will now be able to observe that the button allowing you to connect to Okta is now present in the login page.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.devolutions.net/server/knowledge-base/how-to-articles/configure-okta-authenticator.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.