πOkta Sign-In Setup
This guide describes how to configure Okta as an identity provider for signing in to P0 Security. After completing this setup, your users can authenticate to the P0 web app at https://p0.app and the P0 CLI using their Okta credentials.
This guide covers signing in to P0 with Okta. This is different from the Okta Directory Integration, which enables P0 to manage access and inventory within your Okta instance.
Approximate setup time: 15 minutes
Prerequisites
An existing P0 Security account
Administrative access to your Okta instance with one of the following roles:
Super Administrator
Application Administrator
Overview
Setting up Okta sign-in for P0 involves:
Step 1: Contact P0 Security
Before configuring Okta, contact P0 Security to start the setup process:
Email: [email protected]
P0 confirms your organization is ready for Okta sign-in configuration.
Step 2: Create an application integration
Log in to the Okta Admin Portal.
The admin URL is your subdomain plus -admin (for example, companyname-admin.okta.com). If you have customized your domain, access the admin console using your un-customized domain.
Select Applications > Applications from the menu.
Click Create App Integration.
In the "Create a new app integration" modal:
Select OIDC - OpenID Connect as the Sign-in method.
Select Native Application as the Application type.
Click Next.
Step 3: Configure OIDC parameters
On the "New Native App Integration" page, configure the following settings:
App integration name: Enter
P0 Security.Logo (optional): Upload the P0 logo if desired.
Grant type: Enable the following grant types:
Authorization Code
Device Authorization
Token Exchange
Sign-in redirect URIs: Add the following URI:
Assignments: Configure access for your organization:
To enable P0 for everyone, select Allow everyone in your organization to access.
To restrict access to specific groups, select Limit access to selected groups and choose the appropriate Okta groups.
Click Save.
Step 4: Verify client credentials
After creating the application, verify the client credentials settings:
Navigate to the General tab of your new P0 Security application.
In the Client Credentials section, confirm:
Client authentication is set to None
Proof Key for Code Exchange (PKCE) is enabled
Step 5: Share configuration with P0
Share the following information with P0 Security to complete the setup:
Okta organization URL: Your Okta domain (for example,
mycompany.okta.com)Client ID: Found in the Client Credentials section of the General tab
These values aren't secrets and are safe to share over email or Slack.
Send these values to [email protected] or your P0 account executive. P0 configures your organization and confirms when Okta sign-in is ready.
Signing in with Okta
Once P0 confirms the configuration is complete, users can sign in:
Web app:
Navigate to https://p0.app.
Click Sign in with Okta.
Authenticate with your Okta credentials.
CLI:
Run
p0 login.Complete authentication in the browser window that opens. The CLI automatically uses Okta once your organization is configured.
Your organization is now configured to sign in to P0 Security using Okta.
Related topics
Okta Directory Integration β For managing access and inventory within Okta
Last updated