Use Okta for sign in
Tutorial on using Okta for user authentication.
In this tutorial, we will configure user authentication to occur through Okta. We will start by creating an application in your Okta organization. We will then configure Okta as a provider in your Keycard zone. This application and provider pair creates a connection that will allow users to sign in using Okta.
For illustrative purposes, the zone in this tutorial is named “Example” and is
available at the domain example.keycard.cloud.
Create application in Okta
In the first phase of this tutorial, we will create an application in Okta. You’ll configure the application with the necessary settings to connect it to your zone.
- In Okta Admin Console, select Applications > Applications in the navigation menu.
- On the Applications page, click the Create App Integration button. A Create a new app integration wizard will appear.
Select OIDC - OpenID Connect as the Sign-in method.
We use OpenID Connect here because it is a more modern and standard authentication protocol.
An Application type section will appear. Select Web application.
Click the Next button. You will be directed to a New Web App Integration page.
- The New Web App Integration page is where settings are configured.
Under General Settings, enter “Example”, which is the name of your zone, as the App integration name.
Scroll down to Sign-in redirect URIs and enter:
https://example.keycard.cloud/oauth/2/redirect
Scroll down to Sign-out redirect URIs and enter:
https://example.keycard.cloud/openid/connect/redirect/logout
Double check that the domain in the URLs matches the domain of your zone.
Scroll down to Assignments. For the Controlled access setting, select Allow everyone in your organization to access. An Enable immediate access setting will appear, which is enabled by default.
Click the Save button.
You’ve successfully created an application in Okta. You should now be on the settings page for the new Example application. This application will allow users in your organization to sign into your zone using their Okta account.
Remain on this page, as we will need to refer to the settings in the next phase.
Create provider in Keycard
In the next phase of this tutorial, we will create a provider in Keycard. You’ll configure the provider with the necessary credentials to connect to your Okta organization.
It is recommended that you complete these steps in a new browser tab or window, as you’ll need to copy and paste settings between Okta Admin Console and Keycard Console.
- In Keycard Console, select Providers in the navigation menu.
- On the Providers page, click the Add provider button. A Create provider screen will appear.
In the Name field, enter “Okta”.
In the Issuer URL field, enter your Okta domain, prefixed with https:// as the URL scheme. For example: https://acme.okta.com. You can find your domain by clicking your name in the top-right corner of Okta Admin Console. The domain appears in the menu.
In the Client ID field, enter the Client ID that Okta assigned to the newly created Example application. This can be found on the settings page for the application in Okta Admin Console. It is easiest to copy and paste the Client ID from Okta Admin Console to Keycard Console.
In the Client Secret field, enter the Client Secret that Okta generated for the Example application. This can be found on the same settings page. Notice that there is a list of Client Secrets, which should contain a single secret. It is easiest to copy and paste the secret from Okta Admin Console to Keycard Console.
You’ve just created a provider in Keycard that is connected to your Okta organization!
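A pre-flight check for the values pasted in the two phases above, as an added example that is not part of the Keycard or Okta documentation. The function names are hypothetical, the paths and domains are this tutorial's own examples, and the discovery document is constructed; the exact-match rule for `issuer` comes from OpenID Connect Discovery, and whether Keycard enforces it is an assumption.

```python
from urllib.parse import urlsplit

# Paths and domains are the tutorial's own examples; function names are hypothetical.
ZONE_DOMAIN = "example.keycard.cloud"
SIGN_IN_PATH = "/oauth/2/redirect"
SIGN_OUT_PATH = "/openid/connect/redirect/logout"


def check_redirect_uri(uri, zone_domain, expected_path):
    """Return a list of problems with a redirect URI as pasted into Okta."""
    problems = []
    if uri != uri.strip():
        problems.append("leading or trailing whitespace")
    parts = urlsplit(uri.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.netloc.lower() != zone_domain.lower():
        problems.append(f"host {parts.netloc!r} is not the zone domain")
    if parts.path != expected_path:
        problems.append(f"path {parts.path!r} is not {expected_path!r}")
    if parts.query or parts.fragment:
        problems.append("unexpected query or fragment")
    return problems


def discovery_url(issuer):
    """Metadata location defined by OpenID Connect Discovery."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_issuer(issuer, discovery_doc=None):
    """Return a list of problems with the Issuer URL entered in Keycard."""
    problems = []
    parts = urlsplit(issuer)
    if parts.scheme != "https":
        problems.append("issuer is missing the https:// scheme")
    if not parts.netloc:
        problems.append("issuer has no host")
    # Discovery requires the advertised issuer to equal the configured one exactly.
    if discovery_doc is not None and discovery_doc.get("issuer") != issuer:
        problems.append("discovery 'issuer' differs from the configured value")
    return problems


if __name__ == "__main__":
    doc = {"issuer": "https://acme.okta.com"}  # constructed discovery document
    print(check_redirect_uri("https://example.keycard.cloud/oauth/2/redirect", ZONE_DOMAIN, SIGN_IN_PATH))
    print(check_redirect_uri("https://example.keycard.cloud/openid/connect/redirect/logout.", ZONE_DOMAIN, SIGN_OUT_PATH))
    print(check_issuer("acme.okta.com"))
    print(check_issuer("https://acme.okta.com/", doc))
    print(discovery_url("https://acme.okta.com"))
```

An empty list means the value passed every check; a trailing period or slash picked up during copy and paste is reported as a path or issuer mismatch.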
Use Okta for sign in
In the final phase of this tutorial, we will configure user authentication to occur through Okta.
- In Keycard Console, select Zone Settings in the navigation menu.
- On the Zone settings page, scroll down to the Zone sign in configuration settings.
Toggle Use an external Identity Provider to on. In the Identity Providers drop-down list, select “Okta”.
Click the Save Changes button.
You have just configured your zone to authenticate users through Okta! Now, whenever an employee in your company attempts to access an application or resource protected by Keycard, they’ll sign in using their Okta account.