Hex Docs
Okta SSO Integration
Hex supports integrating with Okta SSO via OID for login management. Users who are able to login using Okta credentials will automatically be created in Hex.

Creating an App Integration in Okta

Before doing the Hex side configuration, you must have an Okta app integration configured in Okta. This should be created with OIDC as the sign-in method and Web Application as the application type.
After naming your integration and optionally providing a logo, you should use the default general settings.
For users on app.hex.tech:
    Sign-In Redirect URI should be in the format https://app.hex.tech/auth/<YOUR-ORG-NAME>/sso
    Sign-Out Redirect URI should be in the format https://app.hex.tech/<YOUR-ORG-NAME>
For single-tenant dedicated installs:
    Sign-In Redirect URI should be in the format https://<YOUR-HEX-DOMAIN-NAME>/auth/global/sso
    Sign-Out Redirect URI should be in the format https://<YOUR-HEX-DOMAIN-NAME>

Configuring Hex to Integrate with Okta

Navigate to the Security section of your Administration Panel and fill in the SSO Configuration section with the appropriate details.
    Issuer should be in the format https://<YOUR-OKTA-ACCOUNT>.okta.com/.well-known/openid-configuration
    Client ID and Client Secret can be found in the Client Credentials section of your Okta app integration page
Toggle the "Enable SSO" switch on to allow users to sign on with SSO.
Toggle the "Enforce SSO" switch to require users to sign on with SSO.
Verify that SSO sign in works as expected before enabling the "Enforce SSO" option
Confirm that Okta integration works as expected by logging out of Hex and logging in using the newly available "Log in with SSO" option.
Last modified 2mo ago