# OKTA SSO Configuration Guide (OIDC)

## Prerequisites&#x20;

* You must have admin access to your Okta organisation.&#x20;
* You need a gospace account with admin privileges, to have verified the Okta domain in admin settings.

## Configuration steps

1. Sign in to your Okta Admin Console.
2. Navigate to "Applications" > "Applications".
3. Click "Create App Integration".
4. Select "OIDC - OpenID Connect" as the Sign-in method, and "Web Application" as the Application type.
5. Click "Next".
6. Fill in the following details:&#x20;
   1. App integration name: "gospace"&#x20;
   2. Sign-in redirect URIs: <https://app.gospace.app/auth/login&#x20>;
   3. Sign-out redirect URIs: <https://app.gospace.app/&#x20>;
   4. Controlled access: Select "Allow everyone in your organisation to access"
7. Click "Save".
8. Navigate to the "Sign On" tab and scroll down to the "OpenID Connect ID Token" section.
9. Ensure that "Include in ID Token" is selected for both "Groups claim type" and "Group claims filter".
10. Set "Groups claim type" to "Filter".
11. In "Group claims filter", enter the Okta group that contains your gospace users.
12. Click "Save".
13. Return to your Okta Admin Console and assign the gospace application to the appropriate users or groups.

## SP-initiated SSO

To initiate SSO from gospace:

1. Navigate to <https://app.gospace.app/auth/login/>.
2. Click "Continue with Okta".
3. You will be redirected to the Okta sign-in page.
4. Enter your Okta credentials.
5. After successful authentication, you will be redirected back to gospace.

Troubleshooting&#x20;

* Ensure that the Redirect URI in both Okta and gospace configurations match exactly.&#x20;
* Check that users are correctly assigned to the gospace application in Okta.&#x20;
* If you encounter any issues, please contact **gospace support**&#x20;

For more information on Okta's OpenID Connect implementation, please refer to the Okta Developer Documentation [here](https://developer.okta.com/docs/guides/submit-app-prereq/main/#customer-configuration-document-guidelines).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.gospace.com/integrations/sso/okta-sso-configuration-guide-oidc.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.