This document details the steps to set up Okta SSO to manage authentication for strongDM.

  1. Enable OpenID Connect: Confirm that OpenID Connect is enabled for your account. If it is not, please contact Okta support and request that they enable it. This can be completed in minutes.

  2. Create application: Click “Add Application” and select “Web.”

    "Create new application"

  3. Configure application: Name the application “strongDM” and input the Login redirect URI: https://app.strongdm.com/auth/return. Ensure Authorization Code and Refresh Token are both checked.

    "Configure application"

  4. Capture client ID and client secret: On the next page, note the Client ID and Client secret fields. You will need these values in the next step.

    "Client ID and client secret"

  5. Enter the account details in strongDM: In the strongDM app, go to “Settings” -> “Authentication”, choose Okta from the drop-down menu, and enter your URL (https://<yourorg>.okta.com), Client ID, and Client secret.

    "Configure Okta in strongDM"

  6. Confirm Okta access: Back in Okta, confirm that each user's email address is identical in strongDM and in your SSO, and that all users to whom you intend to grant database access have access to the strongDM application by default. If both are true, you should be ready to enable SSO.

  7. If any errors occur or if the integration fails in any way, please contact support@strongdm.com for assistance.
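A pre-flight check for steps 3, 5 and 6, run before SSO is enabled. This is an added example, not strongDM or Okta code. The dictionary keys and the two email lists are assumptions standing in for values you record by hand from the Okta and strongDM admin pages.

```python
import re

# Values taken from steps 3 and 5 of the procedure above.
REDIRECT_URI = "https://app.strongdm.com/auth/return"
REQUIRED_GRANTS = {"authorization_code", "refresh_token"}
ORG_URL_RE = re.compile(r"https://[A-Za-z0-9-]+\.okta\.com")

def check_app(app):
    """Return a list of problems in the recorded app settings (hypothetical dict)."""
    problems = []
    if app.get("application_type") != "web":
        problems.append("application type must be 'web'")
    uris = app.get("redirect_uris", [])
    if REDIRECT_URI not in uris:
        problems.append("redirect URI missing: " + REDIRECT_URI)
    # Near misses (trailing slash, http://) are reported rather than tolerated.
    problems += ["unexpected redirect URI: " + u for u in uris if u != REDIRECT_URI]
    for grant in sorted(REQUIRED_GRANTS - set(app.get("grant_types", []))):
        problems.append("grant type not enabled: " + grant)
    if not ORG_URL_RE.fullmatch(app.get("org_url", "")):
        problems.append("Okta URL is not of the form https://<yourorg>.okta.com")
    return problems

def compare_emails(sdm_emails, okta_emails):
    """Step 6: addresses must be identical. Returns (missing, near_misses)."""
    exact = set(okta_emails)
    folded = {e.strip().lower(): e for e in okta_emails}
    missing, near = [], []
    for email in sdm_emails:
        if email in exact:
            continue
        twin = folded.get(email.strip().lower())
        if twin is None:
            missing.append(email)          # no Okta user at all
        else:
            near.append((email, twin))     # differs only by case or whitespace
    return missing, near

# Constructed sample data, not a real export.
GOOD_APP = {
    "application_type": "web",
    "redirect_uris": [REDIRECT_URI],
    "grant_types": ["authorization_code", "refresh_token"],
    "org_url": "https://yourorg.okta.com",
}

if __name__ == "__main__":
    print(check_app(GOOD_APP))
    print(compare_emails(["ana@example.com", "Bo@example.com"], ["ana@example.com", "bo@example.com"]))
```

An empty problem list and two empty email lists mean the recorded settings match what the steps above ask for.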