
# Okta configuration

For Okta, we strongly recommend that you use the Okta PKCE authorization flow.

## Setting up the application in Okta

To enable Okta as your SSO provider for Tonic Textual, you first complete the following configuration steps within Okta:

1. Create a new application. Choose the **OIDC - OpenID Connect** method with the **Single-Page Application** option.

<figure><img src="/files/xDcUpkOkcnOTaViam9Sj" alt=""><figcaption><p>Create a new app integration</p></figcaption></figure>

2. Click **Next**, then fill out the fields with the values below:
   * **App integration name:** The name to use for the Textual application. For example, Textual, Textual-Prod, Textual-Dev.
   * **Grant type:** To use the recommended Okta PKCE authorization flow, under **Core Grants**, check **Authorization Code** and **Refresh Token**.\
     \
     To instead use the legacy implicit authorization flow, expand **Advanced**, then under **Other grants**, check **Implicit (Hybrid)**.
   * **Sign-in redirect URIs:** For self-hosted instances, use `<base-url>/sso/callback/okta`.\
     \
     For Textual Cloud, on the **Permission Settings** page, the sign-in redirect URL is displayed on the **Single Sign-On** tab. Copy the value from there and paste it into the field.
   * **Base URIs:** The URL to your Textual instance.
   * **Controlled access:** Configure as needed to limit Textual access to the appropriate users.

<figure><img src="/files/3cePeZBuhmhu8YKmVAAE" alt=""><figcaption><p>App integration settings</p></figcaption></figure>

3. After saving the above, navigate to the **General Settings** page for the application and make the following changes:
   * **Grant type:** If you are using the recommended Okta PKCE authorization flow, check **Authorization Code** and **Refresh Token**.\
     \
     To instead use the implicit authorization flow, check **Implicit (Hybrid)** and **Allow ID Token with implicit grant type**.
   * **Login initiated by:** **Either Okta or App**
   * **Application visibility:** Check **Display application icon to users**
   * **Initiate login URI:** `<base-url>`

<figure><img src="/files/OjVimVEKJ1Bg5SkdSWro" alt=""><figcaption><p>Application settings</p></figcaption></figure>

<figure><img src="/files/1opPudYXpRhYUoUiR3du" alt=""><figcaption><p>Login settings</p></figcaption></figure>

## Getting the required values for the Textual configuration

When you enable SSO in Textual, you must provide values from the configuration in Okta.

In Okta, make a note of the following values that must be provided to Textual:

* **Application client ID:**

  ![](/files/XbH2x3ygABm1ZbTpD4vk)
* **Your Okta domain** (for example, `tonic.okta.com`). [How to get your Okta domain](https://developer.okta.com/docs/guides/find-your-domain/main/#find-your-okta-domain).
* **Server ID** (If you created a custom authorization server for Textual):

  ![](/files/qnaqn0jrT5pOevfE8Xok)
* **IdP ID** (If you use an outside identity provider):

  ![](/files/RPnTkd2IKJU8IOi9QMto)


