Introduction
This article explains how to set up Single Sign-On (SSO) with Okta for organization members. When Okta SSO is enabled, members can log in to the NordPass app using their Okta credentials instead of a user password.
Before you start
- You need to have access to an Okta tenant.
- You are an administrator of the Okta tenant and NordPass.
- Your organization is on the NordPass Enterprise plan.
- A NordPass organization has already been created.
- Your organization members’ email addresses exactly match their Okta accounts.
- You have confirmed whether your organization's data is stored in the U.S. or EU data center.
Here's what to do
- Log in to the Okta Admin Console.
- Open the “Applications” section, and select “Create App Integration”.
- Select “OIDC – OpenID Connect” as the sign-in method and “Web Application” as the application type, then click “Next”.
- Enter an App integration name (we suggest using NordPass). You can also add the NordPass logo, which will be visible in Okta.
- In the “Grant type” section, select “Client credentials” and “Implicit (hybrid)”.
- In “Sign-in redirect URLs”, enter one of the following URLs based on where your NordPass organization data is stored:
- In the “Assignments” section, select “Allow everyone in your organization to access” and enable “Immediate access with Federation Broker Mode”, then click “Save”.
- After the NordPass application is created, open it in Okta and copy the following details from the “General” section:
  - Client ID
  - Client Secret
  - Okta domain
- Log in to the NordPass Admin Panel.
- Click “Authentication” and select “Okta”.
- Enter the Client ID, Client Secret, and Okta domain collected from Okta, then click “Save”.
- Enable “Turn on SSO Method” to activate Okta Single Sign-On.
- To log in using Okta, follow this guide.
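
An added example (not NordPass or Okta code): a Python check that audits an Okta app integration, as represented in JSON by the Okta Apps API, against the settings chosen in the steps above. The sample object and the redirect URL are constructed placeholders; substitute the sign-in redirect URL for your data region.

```python
# Audit an Okta OIDC app-integration object against the settings in this guide.
# Field names follow the Okta Apps API representation of an OIDC application.
# SAMPLE_APP and EXPECTED_REDIRECT are constructed placeholders, not real values.

REQUIRED_GRANTS = {"client_credentials", "implicit"}
EXPECTED_REDIRECT = "https://nordpass-redirect.example/callback"  # placeholder

SAMPLE_APP = {
    "label": "NordPass",
    "signOnMode": "OPENID_CONNECT",
    "settings": {"oauthClient": {
        "application_type": "web",
        "grant_types": ["authorization_code", "implicit"],
        "redirect_uris": [EXPECTED_REDIRECT, "http://localhost:8080/cb"],
    }},
}


def audit_okta_app(app, expected_redirect):
    """Return a list of findings; an empty list means the app matches the guide."""
    findings = []
    oauth = app.get("settings", {}).get("oauthClient", {})

    if app.get("signOnMode") != "OPENID_CONNECT":
        findings.append("sign-in method is not OIDC - OpenID Connect")
    if oauth.get("application_type") != "web":
        findings.append("application type is not Web Application")

    # Both grant types selected in the "Grant type" step must be present.
    missing = REQUIRED_GRANTS - set(oauth.get("grant_types", []))
    for grant in sorted(missing):
        findings.append(f"grant type not enabled: {grant}")

    # The guide registers exactly one redirect URL, chosen by data region.
    redirects = oauth.get("redirect_uris", [])
    if expected_redirect not in redirects:
        findings.append("sign-in redirect URL for your data region is missing")
    for uri in redirects:
        if uri != expected_redirect:
            findings.append(f"unexpected sign-in redirect URL: {uri}")
    return findings


if __name__ == "__main__":
    for finding in audit_okta_app(SAMPLE_APP, EXPECTED_REDIRECT):
        print("FINDING:", finding)
```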