# Okta Single Sign-On (SSO)

> Set up Okta SSO integration for Manifest including account creation, app configuration, and user invitation management.

## **Prerequisites**

Manifest supports Single Sign-on (SSO) using Okta. To get started you need the following items:

* An Okta account with an active subscription
* The Administrator role on the client Okta account
* The System administrator role in the Manifest application

## **Adding the Manifest application to your Okta tenant**

1. Go to [okta-devok12.okta.com](https://okta-devok12.okta.com/)
2. Click on Sign-Up

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/Signup1-629x1024.png" alt="Signup1" />

3. Create a new account by entering the information below and then selecting REGISTER
   * Email address
   * Password (at least 8 characters)
   * First Name
   * Last Name

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/Signup2.png" alt="Signup2" />

4. You will receive a verification email at the email address you provided at sign-up

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/SignUp3.png" alt="Sign Up3" />

5. Once you receive that email, select the ACTIVATE button and you will be redirected to okta-devok12.okta.com/sigin/password-reset

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/Activate-1024x725.png" alt="Activate" />

6. Enter a new password and confirm it

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/Password.png" alt="Password" />

7. Once you are logged in:
   * Go to Applications
   * Create App Integration
   * Select OIDC - OpenID Connect under Sign-in Method
   * Under Application Type, select Web Application and then select NEXT

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/Application-1024x560.png" alt="Application" />

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/CreateNewAppIntegration2-1024x897.png" alt="Create New App Integration2" />

8. At that point a new window will open up to create a new Web Application
9. Remove the Sign Out redirect URI
10. Under Sign-in redirect URIs, enter the Manifest domain \[Example: [https://yourdomain.taqmanifest.com](https://yourdomain.taqmanifest.com)]
11. Append /done to the end of this URL \[Example: [https://yourdomain.taqmanifest.com/done](https://yourdomain.taqmanifest.com/done)]
12. Under assignments click the button "Allow everyone in your organization to access" and hit SAVE

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/NewWebApplication1-1024x759.png" alt="New Web Application1" />

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/NewWebApplication2-1024x813.png" alt="New Web Application2" />

13. You will be prompted with your Client Credentials
    * Client ID: \[Client ID]
    * Client Secret: \[Client Secret]
    * Okta Domain: \[Example: [dev-75833616.okta.com](http://dev-75833616.okta.com/)]

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/ClientSecret1-1024x795.png" alt="Client Secret1" />

14. Click "Create App Integration" one more time
15. Select OIDC - OpenID Connect under Sign-in Method, then Native Application under Application Type, and then select NEXT

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/CreateNewAppIntegrationiPad1-1024x899.png" alt="Create New App Integrationi Pad1" />

16. The Sign-in and Sign-out redirect URIs will be filled in automatically
17. Remove the Sign Out Redirect URI

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/NativeApplication1-1024x795.png" alt="Native Application1" />

18. Under assignments click the button "Allow everyone in your organization to access" and hit SAVE

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/NativeApplication2-1024x593.png" alt="Native Application2" />

19. You will be prompted with a few more Client Credentials:
    * Client ID: \[Client ID iOS]
    * Redirect URI: \[Redirect URI iOS]
      * Example: com.okta.dev-75833616:/callback

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/CredentialsiPad1-1024x911.png" alt="Credentialsi Pad1" />

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/CredentialsiPad2-1024x773.png" alt="Credentialsi Pad2" />

## **Configuring Manifest with your client Okta AD**

1. Sign into the **Manifest Client Portal**
2. Select "**Client Settings**" and go to the **Authentication Configurations** tab
3. Select **"+ OAUTH PROVIDER"**

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/ManifestClientSettings-1024x538.png" alt="Manifest Client Settings" />

4. Enter the following information, which you gathered while adding the Manifest application to your Okta AD tenant:
   * Client ID
   * Client ID iOS
   * Client Secret
   * Okta Domain
   * Redirect URI iOS

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/ManifestClientSettings3-1024x543.png" alt="Manifest Client Settings3" />

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/ManifestClientSettings4.png" alt="Manifest Client Settings4" />

5. Select Update
6. Log out of Manifest
7. Log back into Manifest and you will be prompted to log into Okta

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/LogInManifest-1024x519.png" alt="Log In Manifest" />

8. On subsequent logins, the login page shows "Log In with OKTA"; after you accept the EULA and select it, you are logged in automatically.
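
The values from step 4, together with the Sign-in redirect URI set on the Okta web application, can be checked for common copy-and-paste mistakes before they are saved. This is an added example, not part of the Manifest or Okta documentation: the field names, the sample credentials and the `check_okta_settings` helper are assumptions made for illustration, while the domain, the `/done` suffix and the iOS callback reuse the examples shown on this page.

```python
import re
from urllib.parse import urlsplit

# Constructed sample values; the domain and iOS URI reuse the page's examples.
SAMPLE = {
    "client_id": "0oaEXAMPLEwebClient01",
    "client_id_ios": "0oaEXAMPLEiosClient01",
    "client_secret": "constructed-secret-value-not-real-0123456789",
    "okta_domain": "dev-75833616.okta.com",
    "redirect_uri_ios": "com.okta.dev-75833616:/callback",
    "sign_in_redirect_uri": "https://yourdomain.taqmanifest.com/done",
}
HOST_RE = re.compile(r"^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$")


def check_okta_settings(cfg):
    """Return a list of problems; an empty list means the values look consistent."""
    problems = []
    for key in SAMPLE:
        value = cfg.get(key, "")
        if not value or value != value.strip():
            problems.append(f"{key}: missing or has surrounding whitespace")

    domain = cfg.get("okta_domain", "").lower()
    if "://" in domain or "/" in domain:
        problems.append("okta_domain: enter the bare host, without scheme or path")
    elif not HOST_RE.match(domain):
        problems.append("okta_domain: not a valid host name")
    elif domain.split(".")[0].endswith("-admin"):
        problems.append("okta_domain: this is the admin console host, not the org domain")

    web = urlsplit(cfg.get("sign_in_redirect_uri", ""))
    if web.scheme != "https" or not web.hostname:
        problems.append("sign_in_redirect_uri: must be an https URL")
    if web.path != "/done" or web.query or web.fragment:
        problems.append("sign_in_redirect_uri: path must be exactly /done")

    ios = urlsplit(cfg.get("redirect_uri_ios", ""))
    if ios.scheme in ("", "http", "https") or ios.netloc or not ios.path.startswith("/"):
        problems.append("redirect_uri_ios: expected a custom-scheme URI like scheme:/callback")

    if cfg.get("client_id") and cfg.get("client_id") == cfg.get("client_id_ios"):
        problems.append("client_id_ios: same as the web Client ID; copy it from the Native app")
    return problems


if __name__ == "__main__":
    for line in check_okta_settings(SAMPLE) or ["all checks passed"]:
        print(line)
```

Okta compares redirect URIs as exact strings, so a trailing slash or an `http` scheme on the `/done` URL is enough for the login redirect to be rejected.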

## **How to Invite Users to Authenticate Using Okta**

Once the administrator has completed the initial Okta configuration for the Manifest application, you are ready to invite users to authenticate as well. The instructions below explain how to add users to the Okta backend.

1. Go to [okta-devok12.okta.com](https://okta-devok12.okta.com/)
2. Enter your Username and Password and then click the Sign In button
3. In the left-hand navigation, select Directory

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/DirectoryPeople-1024x367.png" alt="Directory People" />

4. Select People
5. Click + Add Person and, when the modal opens, fill out the following fields
   * First Name
   * Last Name
   * Primary Email
   * Select if the Password should be set by the User or the Admin
   * Click "Send user activation email now"

<img src="https://mintlify.s3.us-west-1.amazonaws.com/taqtile/images/AddPerson.png" alt="Add Person" />

6. Select Save or Save and Add Another User
7. Continue this action until all users are added
