Okta provider SSO configuration

Page summary:

Okta is an SSO provider that allows users to sign in and sign up to Strapi through their Okta account using OAuth2 credentials configured in the auth.providers array.

This page explains how to set up the Okta provider for the Single Sign-On (SSO) feature.

Prerequisites

You have read the How to configure SSO guide.

Installation

Install passport-okta-oauth20:

yarn add passport-okta-oauth20

Configuration example

The Okta SSO provider is configured in the auth.providers array of the config/admin file:

Caution

When setting the OKTA_DOMAIN environment variable, make sure to include the protocol (e.g., https://example.okta.com). If you do not, you will end up in a redirect loop.

/config/admin.js

const OktaOAuth2Strategy = require("passport-okta-oauth20").Strategy;

module.exports = ({ env }) => ({
  auth: {
    // ...
    providers: [
      {
        uid: "okta",
        displayName: "Okta",
        icon: "https://www.okta.com/sites/default/files/Okta_Logo_BrightBlue_Medium-thumbnail.png",
        createStrategy: (strapi) =>
          new OktaOAuth2Strategy(
            {
              // OAuth2 credentials are read from the environment
              clientID: env("OKTA_CLIENT_ID"),
              clientSecret: env("OKTA_CLIENT_SECRET"),
              // Must include the protocol, e.g. https://example.okta.com
              audience: env("OKTA_DOMAIN"),
              scope: ["openid", "email", "profile"],
              callbackURL:
                strapi.admin.services.passport.getStrategyCallbackURL("okta"),
            },
            // Verify callback: pass the Okta profile's email and username on
            (accessToken, refreshToken, profile, done) => {
              done(null, {
                email: profile.email,
                username: profile.username,
              });
            }
          ),
      },
    ],
  },
});
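
The caution about OKTA_DOMAIN can be checked when the configuration is loaded, before anyone hits the redirect loop. The following is an added example, not part of the Strapi documentation or of passport-okta-oauth20: `checkOktaEnv` and `requireOktaEnv` are hypothetical helper names, and rejecting non-https domains is an assumption that goes beyond what the page states.

```javascript
// Added example: hypothetical helpers, not Strapi or passport-okta-oauth20 APIs.
// Returns a list of problems found in the three variables the page's config reads.
function checkOktaEnv(vars) {
  const problems = [];

  // All three settings must be present and non-blank.
  for (const name of ["OKTA_CLIENT_ID", "OKTA_CLIENT_SECRET", "OKTA_DOMAIN"]) {
    if (typeof vars[name] !== "string" || vars[name].trim() === "") {
      problems.push(`${name} is not set`);
    }
  }

  const domain = (vars.OKTA_DOMAIN || "").trim();
  if (domain === "") return problems;

  // "example.okta.com" and "example.okta.com:443" both lack "scheme://".
  // The second one would still parse as a URL, so test the prefix explicitly.
  if (!/^[a-z][a-z0-9+.-]*:\/\//i.test(domain)) {
    problems.push("OKTA_DOMAIN has no protocol; use e.g. https://example.okta.com");
    return problems;
  }

  let url = null;
  try {
    url = new URL(domain);
  } catch {
    problems.push("OKTA_DOMAIN is not a valid URL");
  }
  // Assumption of this example: only https is acceptable for the Okta domain.
  if (url && url.protocol !== "https:") {
    problems.push("OKTA_DOMAIN must use https");
  }
  return problems;
}

// Throws one error naming every problem, so a bad deployment fails at startup.
function requireOktaEnv(vars) {
  const problems = checkOktaEnv(vars);
  if (problems.length > 0) {
    throw new Error(`Okta SSO configuration: ${problems.join("; ")}`);
  }
  return true;
}
```

Calling `requireOktaEnv(process.env)` at the top of `/config/admin.js` is one place to run it.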