--- title: "Integrating Okta" slug: "integrating-okta" updated: 2023-06-01T13:23:28Z published: 2023-06-01T13:23:28Z --- > ## Documentation Index > Fetch the complete documentation index at: https://help.nexudus.com/llms.txt > Use this file to discover all available pages before exploring further. # Integrating Okta ## ## What You Need to Integrate Okta All you need to integrate Okta is a valid license and a developer account. You can open an Okta developer account from [https://developer.okta.com](https://developer.okta.com). --- ## Step 1. Creating your Okta Application 1. Log in to your Okta developer account. 2. Click **Applications > Add Application**. 3. Select the **OIDC - OpenID Connect** option and then select **Web Application**. ![Okta_OpenIDApp](https://cdn.document360.io/4f9a66c7-3dbb-4052-97d8-5439302e1512/Images/Documentation/Okta_OpenIDApp.png) 1. Fill out the **New Web App Integration** form as detailed below: ![Okta_NewIntegrationForm](https://cdn.document360.io/4f9a66c7-3dbb-4052-97d8-5439302e1512/Images/Documentation/Okta_NewIntegrationForm.png) Fields/options that we haven't listed below can be filled out or left blank at your discretion. **App integration name** ``` Nexudus ``` **Sign-in redirect URIs** ``` https://spaces.nexudus.com/authorization-code/callback ``` **Sign-out redirect URIs** ``` https://spaces.nexudus.com/login/logout ``` **Base URIs** ``` https://spaces.nexudus.com ``` **Controlled access** ``` Allow everyone in your organization to access ``` 1. Click the **Save** button. --- This Okta application will let users sign in to their Nexudus accounts as long as they are already a user in your Okta account. You may also want to connect Okta with an identity providers, such as Microsoft or Google, to delegate the authentication process to the supported providers. You do this by adding a identity provider to your Okta developer account. Okta provides instructions for the different Identity Providers they support: - [Apple](https://developer.okta.com/docs/guides/add-an-external-idp/apple/before-you-begin/) - [Facebook](https://developer.okta.com/docs/guides/add-an-external-idp/facebook/before-you-begin/) - [Google](https://developer.okta.com/docs/guides/add-an-external-idp/google/before-you-begin/) - [LinkedIn](https://developer.okta.com/docs/guides/add-an-external-idp/linkedin/before-you-begin/) - [Microsoft](https://developer.okta.com/docs/guides/add-an-external-idp/microsoft/before-you-begin/) - [Generic OIDC Identity Providers](https://developer.okta.com/docs/guides/add-an-external-idp/openidconnect/before-you-begin/) Once you have configured your identity provider, copy and save the identifier IdP ID Okta assigned to it. ![Okta_IdPIDHighlight](https://cdn.document360.io/4f9a66c7-3dbb-4052-97d8-5439302e1512/Images/Documentation/Okta_IdPIDHighlight.png) You will need this **ID** along with your **Client ID** and **Client Secret** to enable the integration on the Admin Panel. ## Step 2. Enabling the Okta Integration in Nexudus The second step of the integration is to enable the Okta integration in your Nexudus account. ![Okta_EnablingIntegration](https://cdn.document360.io/4f9a66c7-3dbb-4052-97d8-5439302e1512/Images/Documentation/Okta_EnablingIntegration.gif) 1. Log in to [dashboard.nexudus.com](https://dashboard.nexudus.com/) if you aren't already. 2. Click **Settings > Integrations > Okta**. 3. Enable the **Okta integration** toggle. 4. Enable the **Create new users in Nexudus if they don't exist** toggle if you want to register directory users as contacts in Nexudus if they don't have an account yet. 5. Enable the **Prevent users from using their Nexudus password to log in** toggle if you want your customers to only be able to use Okta to log in to their Nexudus account. This means the Nexudus login page will automatically redirect users to Okta or the connected identity provider. 1. Add your **Okta domain** without *https://*. *You can also use your Okta custom domain if you have one.* 1. Add your **Identity Provider Id (IdP ID)** if you use one. 2. Add your **Client ID**. 3. Add your **Client Secret**. 4. Add text in the **Sign in button label**. *The default text is **Sign in with Corporate Account**.* 1. Click the **Save Changes** button. --- Okta is now integrated with Nexudus. Your Nexudus login pages (Members Portal & Passport App) will present users with an additional login option labelled as **Sign in with Corporate Account** or the custom text you've added in the **Sign in button label** field in step 11. Clicking on the sign in link will redirect the user to the Okta sign in flow. If you added a custom Identity Provider (i.e. Microsoft AD), then the user will be asked to log in using that provider. If the login is successful, the user is redirected to the Members Portal. When the option **Provision new users if they don't exist** is enabled, if a user is successfully authenticated through Okta and they don't exist in your Nexudus customer database, we will automatically add them as contacts. We pull their their email and full name from the data returned by the identity provider and register them in all locations in your network. ### Okta if you're self-hosting your Members Portal If you are self-hosting your Members Portal, you need handle the Okta callback using your own domain and redirect it to the Nexudus endpoint to let it handle the final step of the Okta authentication flow. For example, when you receive a request to **https://:your_custom_domain.com/authorization-code/callback** you should forward it to **https://:your_custom_domain.spaces.nexudus.com/authorization-code/callback**. You can easily achieve this in NextJS using a redirect page located in /pages/authorization-code/callback.js ``` class OktaCallbackPage extends Component {} OktaCallbackPage.getInitialProps = ({ asPath, query, res }) => { const your_nexudus_domain = "example"; if (res) { res.writeHead(302, { Location: `https://${your_nexudus_domain}.spaces.nexudus.com/authorization-code/callback?code=${query.code}&state=${query.state}&error_description=${query.error_description ?? ''}` }); res.end(); } return {}; }; export default OktaCallbackPage; ```