Skip to main content

Okta SSO

In this guide, you’ll learn how to set up Okta SSO in Coalesce.

Okta Administrator

You must be a Okta Administrator to complete this process.

Before You Begin

Check Your Subdomain

You'll need to make sure you have a subdomain for Coalesce.

Your subdomain is the subdomain of your Coalesce instance. For example, if you login at https://testapp.app.coalescesoftware.io/. Your subdomain is testapp. You can also check your subdomain by going to your organizations single sign-on settings.

If the Subdomain box in your settings is blank, you need to create a subdomain for your organization.

Single Sign-On configuration form header showing Authority and Subdomain fields with Other selected

Create Okta App Integration

To use Okta as your Single Sign-On provider, you'll want to create a new App Integration in Okta.

  1. Open the admin panel for your Okta organization

  2. Click on Applications.

    Creating an App Integration in Okta

  3. Click on Create App Integration.

  4. Select OIDC - OpenID Connect as the Sign-in method and Single-Page Application as the Application Type and then create the new app integration.

    Configuring a new App Integration in Okta

  5. On the settings page for this newly created integration, enter the following:

    1. App Integration Name - this is typically going to be Coalesce but any friendly name works
    2. Sign-in redirect URI - by default this is http://localhost:8080/login/callback which you'll want to change to https://mySubdomain.<app_domain>/login/callback. mySubdomain is typically the name of your organization.
    3. Controlled Access - select whichever setting is appropriate for your organization

  6. Click Save. You'll now be at a window with all your App Integration settings. Keep this browser tab open as you'll need to enter some information from it into Coalesce.

Configure Coalesce Okta Settings

  1. Open a new window.

  2. Sign in to your Coalesce application using username and password.

  3. Go to Organization Settings > Single Sign-On.

  4. Fill out the fields.

    Single Sign-On configuration form with fields for Authority, Subdomain, Authorization Server, OIDC Client ID, and Server-Side Authorization toggle under Advanced Settings
    FieldDescription
    AuthorityThe system being used for Single Sign On. Choose Okta.
    SubdomainThis will be the same as mySubdomain. Not the entire redirect URI.
    Authorization ServerRefer to the URL you use for your Okta account. Your Authorization Server will be the base URL. For example: https://<yourcompany>.okta.com
    OIDC clientIDThis will be the same as the Client ID field in the settings of your Okta app integration.
    Server-Side AuthorizationToggle on to add an authorization URL. Use this when the authorization server blocks access to the OpenID configuration or token endpoints.
    Authorization EndpointThe authorization URL to redirect to.

  5. Once you've filled out the SSO settings in Coalesce, click Save.

  6. Log out of Coalesce.

  7. Go to your SSO URL, which will be formatted like - https://mySubdomain.<app_domain> - and click on the Use Single Sign-On button to log in using SSO.

Use Single Sign On Button

If instead of a button you see an error message, check to make sure you correctly entered all the fields in your Coalesce SSO settings. If the problem persists please reach out to our Support Team.