# Okta Sign-In Setup This guide describes how to configure Okta as an identity provider for signing in to P0 Security. After completing this setup, your users can authenticate to the P0 web app at and the P0 CLI using their Okta credentials. {% hint style="info" %} This guide covers **signing in to P0 with Okta**. This is different from the [Okta Directory Integration](/integrations/directory-integrations/okta.md), which enables P0 to manage access and inventory within your Okta instance. {% endhint %} **Approximate setup time:** 15 minutes ## Prerequisites * An existing P0 Security account * Administrative access to your Okta instance with one of the following roles: * Super Administrator * Application Administrator ## Overview Setting up Okta sign-in for P0 involves: 1. [Contact P0 Security](#step-1-contact-p0-security) 2. [Create an application integration in Okta](#step-2-create-an-application-integration) 3. [Configure OIDC parameters](#step-3-configure-oidc-parameters) 4. [Verify client credentials](#step-4-verify-client-credentials) 5. [Share configuration with P0](#step-5-share-configuration-with-p0) ## Step 1: Contact P0 Security Before configuring Okta, contact P0 Security to start the setup process: * **Email:** P0 confirms your organization is ready for Okta sign-in configuration. ## Step 2: Create an application integration 1. Log in to the Okta Admin Portal. {% hint style="info" %} The admin URL is your subdomain plus `-admin` (for example, `companyname-admin.okta.com`). If you have customized your domain, access the admin console using your un-customized domain. {% endhint %} 2. Select **Applications** > **Applications** from the menu. 3. Click **Create App Integration**.

Okta Admin Applications page with the Create App Integration button highlighted

4. In the "Create a new app integration" modal: * Select **OIDC - OpenID Connect** as the Sign-in method. * Select **Native Application** as the Application type.

Okta Create a new app integration modal with OIDC - OpenID Connect and Native Application selected

5. Click **Next**. ## Step 3: Configure OIDC parameters On the "New Native App Integration" page, configure the following settings: 1. **App integration name:** Enter `P0 Security`. 2. **Logo** *(optional)*: Upload the P0 logo if desired.

3. **Grant type:** Enable the following grant types: * Authorization Code * Device Authorization * Token Exchange

Okta New Native App Integration settings showing grant type options with Authorization Code, Device Authorization, and Token Exchange enabled

4. **Sign-in redirect URIs:** Add the following URI: ``` https://p0.app/oidc/auth/_redirect ``` 5. **Assignments:** Configure access for your organization: * To enable P0 for everyone, select **Allow everyone in your organization to access**. * To restrict access to specific groups, select **Limit access to selected groups** and choose the appropriate Okta groups.

Okta app integration settings showing sign-in redirect URIs, sign-out redirect URIs, and Assignments section

6. Click **Save**. ## Step 4: Verify client credentials After creating the application, verify the client credentials settings: 1. Navigate to the **General** tab of your new P0 Security application. 2. In the **Client Credentials** section, confirm: * **Client authentication** is set to **None** * **Proof Key for Code Exchange (PKCE)** is enabled

Okta P0 Security app General tab showing Client Credentials with Client authentication set to None and PKCE enabled

## Step 5: Share configuration with P0 Share the following information with P0 Security to complete the setup: 1. **Okta organization URL:** Your Okta domain (for example, `mycompany.okta.com`) 2. **Client ID:** Found in the **Client Credentials** section of the **General** tab {% hint style="info" %} These values aren't secrets and are safe to share over email or Slack. {% endhint %} Send these values to or your P0 account executive. P0 configures your organization and confirms when Okta sign-in is ready. ## Signing in with Okta Once P0 confirms the configuration is complete, users can sign in: **Web app:** 1. Navigate to . 2. Click **Sign in with Okta**. 3. Authenticate with your Okta credentials. **CLI:** 1. Run `p0 login`. 2. Complete authentication in the browser window that opens. The CLI automatically uses Okta once your organization is configured. {% hint style="success" %} Your organization is now configured to sign in to P0 Security using Okta. {% endhint %} ## Related topics * [Supported identity providers](/getting-started/p0-security-onboarding/supported-identity-providers.md) * [Okta Directory Integration](/integrations/directory-integrations/okta.md) — For managing access and inventory within Okta * [Installing P0 CLI](/p0-cli/installing-p0-cli.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.p0.dev/getting-started/p0-security-onboarding/supported-identity-providers/okta-sign-in-setup.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.