> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cantina.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta Configuration

> Learn how to configure Okta SSO for your Cantina organization

Cantina integrates directly with Okta for authentication. The setup process involves configuring an application in Okta's admin console and then connecting it through Cantina's SSO settings.

## Okta Settings

1. Navigate to the Okta Admin Console and select **Applications**.

<img src="https://mintcdn.com/cantina/QjJKK_5ZTvmnE_T-/assets/okta-step-1.png?fit=max&auto=format&n=QjJKK_5ZTvmnE_T-&q=85&s=4f4da04bde0f39c52e8f04b10f6cf29c" alt="Okta Admin Console Applications page." width="3694" height="2518" data-path="assets/okta-step-1.png" />

2. Click **Create App Integration** and select **OIDC - OpenID Connect**, then click **Next**.

<img src="https://mintcdn.com/cantina/QjJKK_5ZTvmnE_T-/assets/okta-step-2.png?fit=max&auto=format&n=QjJKK_5ZTvmnE_T-&q=85&s=372faf23bf669a9bec5fc3af6ae8442e" alt="Okta Create App Integration with OIDC selected." width="3606" height="2430" data-path="assets/okta-step-2.png" />

3. Select **Web Application** as the application type.

<img src="https://mintcdn.com/cantina/QjJKK_5ZTvmnE_T-/assets/okta-step-3.png?fit=max&auto=format&n=QjJKK_5ZTvmnE_T-&q=85&s=4bb107ed536ab1fc0708d2981898c0ac" alt="Okta Web Application type selection." width="3694" height="2518" data-path="assets/okta-step-3.png" />

4. Configure your application:
   * Name your application (e.g., "Cantina")
   * Set the **Sign-in redirect URI** to: `https://cantina-prod.us.auth0.com/login/callback`

<img src="https://mintcdn.com/cantina/QjJKK_5ZTvmnE_T-/assets/okta-step-4.png?fit=max&auto=format&n=QjJKK_5ZTvmnE_T-&q=85&s=c17437482a6bd1a7779be15a04b648b8" alt="Okta application configuration with redirect URI." width="3694" height="2518" data-path="assets/okta-step-4.png" />

## Cantina Settings

1. Go to your organization's SSO settings at [https://cantina.xyz/organization/settings/sso](https://cantina.xyz/organization/settings/sso)

2. Click **Add SSO Connection**

<img src="https://mintcdn.com/cantina/QjJKK_5ZTvmnE_T-/assets/okta-step-5.png?fit=max&auto=format&n=QjJKK_5ZTvmnE_T-&q=85&s=890c91c4cd01417938772d462baa123b" alt="Cantina SSO settings page." width="3694" height="2518" data-path="assets/okta-step-5.png" />

3. Enter the following information from your Okta application:

| Field               | Description                                                                                 |
| ------------------- | ------------------------------------------------------------------------------------------- |
| **Okta Tenant URL** | Your Okta domain URL. Remove "-admin" from your admin panel URL if present.                 |
| **Client ID**       | Found in your Okta application settings (see below).                                        |
| **Client Secret**   | Found in your Okta application settings (see below).                                        |
| **Email Domain**    | The email domain for your organization. Contact Cantina support if you need to modify this. |

<img src="https://mintcdn.com/cantina/QjJKK_5ZTvmnE_T-/assets/okta-step-6.png?fit=max&auto=format&n=QjJKK_5ZTvmnE_T-&q=85&s=f60508597067a87382661bf7b765bdab" alt="Okta Client ID location." width="1170" height="106" data-path="assets/okta-step-6.png" />

<img src="https://mintcdn.com/cantina/QjJKK_5ZTvmnE_T-/assets/okta-step-7.png?fit=max&auto=format&n=QjJKK_5ZTvmnE_T-&q=85&s=ebbf77476f4f67a3855ecb00a56ca80d" alt="Okta Client Secret location." width="3694" height="2518" data-path="assets/okta-step-7.png" />

<Note>
  All users with this email domain will be automatically redirected to Okta when they log in to Cantina.
</Note>

## Testing

After configuration, log out of Cantina and attempt to sign in using your email address. You should be automatically redirected to Okta's authentication system.