# Textual configuration (self-hosted)

On a self-hosted instance, after you [complete the configuration in Okta](https://docs.tonic.ai/textual/textual-install-administer/user-access-textual/textual-sso/textual-sso-okta/okta-configuration), uncomment and configure the relevant [environment variables](https://docs.tonic.ai/textual/textual-install-administer/configuring-textual/textual-env-var-configure) in Textual.

### Kubernetes

For Kubernetes, the settings are in the `Okta SSO Config` section of **values.yaml**:

```
# Okta SSO Config
# -----------------
#oktaAuthServerId: <customer auth server if you have one>
#oktaClientId: <client-id>
#oktaDomain: <sso-domain>
#oktaIdentityProviderId: <identity-provider-id>
#oktaGroupFilterRegex: <regular expression to identify allowed groups>
```

* `oktaAuthServerId` - If you created a custom authorization server, the server ID.\
  \
  If you do not use a custom authorization server, then you can omit this.
* `oktaClientId` - The client identifier of the application.
* `oktaDomain` - The Okta domain.
* `oktaIdentityProviderId` - If you use a third-party provider, the provider identifier.\
  \
  If you do not use a third-party provider, you can omit this.

### Docker

For Docker, the settings are in **.env**:

```
#SOLAR_SSO_OKTA_CLIENT_ID=#<client ID>
#SOLAR_SSO_OKTA_DOMAIN=#<SSO domain>
#SOLAR_SSO_OKTA_IDENTITY_PROVIDER_ID=#<third-party provider identifier>
#SOLAR_SSO_OKTA_GROUP_FILTER_REGEX="<regular expression to identify allowed groups>
```

* `SOLAR_SSO_OKTA_CLIENT_ID` - The client identifier of the application.
* `SOLAR_SSO_OKTA_DOMAIN` - The Okta domain.
* `SOLAR_SSO_OKTA_IDENTITY_PROVIDER_ID` - If you use a third-party provider, the provider identifier.\
  \
  If you do not use a third-party provider, then you can omit this.