# Okta

Curiosity supports Single Sign-On using Okta.

# Prerequisites

You will need the following information from your Okta Developer Console:

• Okta Domain
• Authorization Server Name (e.g., "default")
• Client ID
• Client Secret

# Configuration Steps

# 1. Create an Okta Application

1. Log in to your Okta Developer Console.
2. Navigate to Applications > Applications and click Create App Integration.
3. Select OIDC - OpenID Connect and Web Application, then click Next.
4. Enter an application name (e.g., "Curiosity SSO").
5. Set the Login redirect URI: {domain}/api/oktasso/completed-login-attempt
6. Click Save.
7. Note down the Client ID and Client Secret from the application summary.

# 2. Identify Domain and Authorization Server

1. Go to Security > API.
2. Note the Issuer URI for your authorization server (usually "default").
3. The Okta Domain is the Issuer URI without the /oauth2/default suffix.
4. The Authorization Server Name is typically default.

# 3. Enter Details in Curiosity

1. In Curiosity, navigate to Manage > Settings > Accounts > Single Sign-On.
2. Select Okta.
3. Enter the Domain, Authorization Server Name, Client ID, and Client Secret.
4. Click Save.

# Troubleshooting

• Invalid Domain or Server Name: Errors will appear immediately upon redirection to Okta.
• Invalid Client Secret: Login succeeds on Okta, but fails upon returning to Curiosity.
• Redirect URI Mismatch: Ensure the URI in Okta matches your workspace URL exactly.