Okta Single Sign-On
Foxglove organizations can use Okta as an authorization provider.
To enable SSO for your organization, contact [email protected].
Create an Okta application
Create a new app integration on your Okta dashboard:
- Sign-in method – OIDC - OpenID Connect
- Application type – Single-Page Application
- Grant type – Authorization code
- Sign-in redirect URI – In
YOUR-FOXGLOVE-SLUG on the Settings page)
- Sign-out redirect URI –
- Trusted Origins – Add
- Access – Note that "Federation Broker Mode" is incompatible with Okta tiles
Enable Okta application tile
Optionally, you can enable sign-in from the Okta application tile using these settings:
- Login initiated by – Either Okta or App
- Login flow – Redirect to app to initiate login (OIDC Compliant)
- Login URI – Same as the sign-in redirect URL in the previous step (
- Application visibility – Display application icon to users
This Foxglove logo works well as a custom tile icon.
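To confirm the integration matches the settings listed above, you can audit the app's JSON definition. The following is an added example, not Foxglove's or Okta's own code. It assumes the app was exported in the shape of the Okta Apps API object (`signOnMode`, `settings.oauthClient`), uses constructed placeholder URIs, and adds an exact-https redirect check that goes beyond what this page lists.

```python
import json

# Constructed sample export. The URIs are placeholders, not Foxglove's real values.
SAMPLE_APP = json.loads("""
{
  "label": "Foxglove",
  "signOnMode": "OPENID_CONNECT",
  "settings": {"oauthClient": {
    "application_type": "browser",
    "grant_types": ["authorization_code", "implicit"],
    "redirect_uris": ["https://foxglove.example/YOUR-FOXGLOVE-SLUG/signin"],
    "post_logout_redirect_uris": ["https://foxglove.example/signout"],
    "initiate_login_uri": "https://foxglove.example/other"
  }}
}
""")

def audit_app(app):
    """Return findings where the app deviates from the settings on this page."""
    findings = []
    oauth = app.get("settings", {}).get("oauthClient", {})
    if app.get("signOnMode") != "OPENID_CONNECT":
        findings.append("sign-in method is not OIDC")
    # Okta represents a Single-Page Application as application_type "browser".
    if oauth.get("application_type") != "browser":
        findings.append("application type is not Single-Page Application")
    grants = oauth.get("grant_types", [])
    extra = sorted(set(grants) - {"authorization_code"})
    if extra or "authorization_code" not in grants:
        findings.append(f"grant type should be authorization_code only, extra: {extra}")
    redirects = oauth.get("redirect_uris", [])
    # Added hygiene check (assumption, not from this page): exact https URIs only.
    for uri in redirects + oauth.get("post_logout_redirect_uris", []):
        if not uri.startswith("https://") or "*" in uri:
            findings.append(f"redirect URI is not an exact https URI: {uri}")
    # The tile's Login URI should be the same as the sign-in redirect URI.
    login_uri = oauth.get("initiate_login_uri")
    if login_uri and login_uri not in redirects:
        findings.append("tile Login URI differs from the sign-in redirect URI")
    return findings

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP):
        print("FINDING:", finding)
```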
Foxglove OIDC configuration
Configure application settings on the Okta SSO settings page:
- Okta domain – Find in the Okta dashboard's profile dropdown (
- Client ID – Find in the Applications list, below the app name
(Optional) Disable non-Okta signin
Confirm that your Okta SSO setup works by signing out and signing back in with Okta SSO.
Use the SSO settings tab to disable or re-enable all other authentication methods.
Provision members – Any Okta user with access to the Foxglove Okta application can sign in. A new Foxglove account is automatically created on first signin.
Remove users – Revoke the user's access in Okta, then remove the associated user on Foxglove's Team settings page to sign them out of Foxglove immediately. If non-Okta signin methods are enabled for your account, emails matching your approved domains can always sign up.