Okta

Backend classes

For Django, choose from these class paths for AUTHENTICATION_BACKENDS. For other integrations, use the same class paths in the framework-specific backend setting.

Backend name

Class path

okta-oauth2

social_core.backends.okta.OktaOAuth2

okta-openidconnect

social_core.backends.okta_openidconnect.OktaOpenIdConnect

This section describes how to setup the different services provided by Okta.

Okta OAuth2

IdP Setup

To configure Okta for OAuth2:

  1. Log into your Okta Admin Console

  2. Navigate to Applications > Create App Integration

  3. Select OIDC - OpenID Connect and Web Application

  4. Set the Sign-in redirect URI to:

    https://your-domain.com/complete/okta-oauth2/
    
  5. Save and note the Client ID, Client Secret, and Okta domain (e.g., https://dev-123456.okta.com)

Important

Do NOT use the /oauth2/default endpoint for Okta authentication.

Application Configuration

Fill Client ID, Client Secret and API URL (e.g. https://dev-123456.okta.com/oauth2) settings with the values from the IdP setup above:

SOCIAL_AUTH_OKTA_OAUTH2_KEY = ''
SOCIAL_AUTH_OKTA_OAUTH2_SECRET = ''
SOCIAL_AUTH_OKTA_OAUTH2_API_URL = ''

Okta OpenID Connect

IdP Setup

Follow the same steps as OAuth2 above, but use the redirect URI:

https://your-domain.com/complete/okta-openidconnect/

Application Configuration

Fill Client ID, Client Secret and API URL (e.g. https://dev-123456.okta.com/oauth2) settings with the values from the IdP setup:

SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY = ''
SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET = ''
SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL = ''