# Okta (oAuth2)

### Create an Okta account and configure credentials

If you already have an Okta account, you can skip the first two steps and start directly with step 3.

1. For testing purposes, you can create an **Integrator Free plan** at <https://developer.okta.com/signup/>.
2. Follow the installation steps.
3. Log in to your Okta account administration.
4. Click **Applications -> Applications -> Create App Integration**.\
   ![](/files/arNAh3Ch3m9bZ6j6ZyIK)
5. Choose **OIDC - OpenID Connect** as **Sign-in method** and **Web-Application** as **Application type** and click **Next**.\
   ![](/files/f3HIwGtck6OmTWqDdT4g)
6. Enter an **App integration name** that can help you to identify the purpose of this integration. Please ensure that **Grant type** has the values **Client Credentials** and **Authorization Code**.\
   ![](/files/MQdiqyEZX1A9asd9SFqU)
7. Enter the **Sign-in redirect URIs** from your configured Okta service in Shopware. If you haven't configured it yet, you can follow our guide at [Configure Okta in Shopware extension](#configure-okta-in-shopware-extension). Clear the value of the field **Sign-out redirect URIs**.\
   ![](/files/s8jEalSTGNtUTb71MlRU)
8. Configure who in your organisation is allowed to sign in by choosing a **Controlled access** option at **Assignments**. Don't forget to uncheck the **Enable immediate access with Federation Broker Mode** option.\
   ![](/files/mJmawqN2zlWQJpuQf8VG)
9. Click **Save** to create your new app integration.
10. Go to **Security -> API -> Authorization Servers** and click on the entry **default**. Switch to the **Scopes** tab in the **default** edit window, add the new scope **check.connection** and click **Save**.\
    ![](/files/NwrB2AcuroLBFJPpDgJH)
11. Click on the **Access Policies** tab and create a new policy for **check.connection**.\
    ![](/files/NjWwHzGRfZba8W5pRket)
12. Save the new policy. Now you are ready to go ahead with the configuration of Okta in the Shopware extension.

### Configure Okta in Shopware extension

For detailed information, follow the guide for managing the [SSO providers](/en/plugins/single-sign-on-sso/admin-dashboard/mapping.md).\
The screenshot below shows the fields required for the Okta implementation.

<figure><img src="/files/4jnYmow9sPaWc4oL9IqG" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Don't forget to use the **Check credentials** button after you've entered and saved all credentials. With this button you can check whether a connection to Okta can be established.
{% endhint %}

You can find the required credentials (**clientId**, **providerUri** and **clientSecret**) in your created app integration of the Okta account.
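To verify the Okta side independently of the plugin, the following added example (not part of the plugin or of the original guide) requests a token for **check.connection** with the Client Credentials grant and maps common error codes to the setup step to revisit. It assumes the default authorization server's issuer has the form `https://<your-okta-domain>/oauth2/default`; the function names, the error-to-step mapping and the sample responses are constructed for illustration, and it does not claim to reproduce what the **Check credentials** button does internally.

```python
import base64, json, urllib.error, urllib.parse, urllib.request

SCOPE = "check.connection"  # custom scope added in step 10

# Assumed mapping: token-endpoint error code -> setup step to revisit.
HINTS = {
    "invalid_client": "clientId/clientSecret do not match the app integration",
    "unauthorized_client": "Client Credentials grant not enabled (step 6)",
    "invalid_scope": "scope missing on the authorization server (step 10)",
    "access_denied": "no access policy allows this client (step 11)",
}

def build_request(issuer, client_id, client_secret):
    """Client-credentials token request using HTTP Basic client authentication."""
    if not issuer.startswith("https://"):
        raise ValueError("issuer must be an https URL")  # never send the secret in clear
    pair = ":".join(urllib.parse.quote_plus(v) for v in (client_id, client_secret))
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": SCOPE})
    return urllib.request.Request(
        issuer.rstrip("/") + "/v1/token", data=body.encode(), method="POST",
        headers={"Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
                 "Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})

def interpret(status, payload):
    """Return (ok, message) for a parsed token-endpoint response."""
    granted = payload.get("scope", "").split()
    if status == 200 and payload.get("access_token") and SCOPE in granted:
        return True, "token issued with scope " + SCOPE
    err = payload.get("error", "unknown")
    detail = HINTS.get(err, payload.get("error_description", "unexpected response"))
    return False, f"{err}: {detail}"

def check_connection(issuer, client_id, client_secret):
    """Send the request; the secret and the returned token are never printed."""
    req = build_request(issuer, client_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret(resp.status, json.load(resp))
    except urllib.error.HTTPError as exc:
        return interpret(exc.code, json.load(exc))

# Constructed sample responses, not captured from a real tenant.
SAMPLE_OK = {"token_type": "Bearer", "expires_in": 3600,
             "access_token": "<redacted>", "scope": "check.connection"}
SAMPLE_NO_POLICY = {"error": "access_denied", "error_description": "constructed sample"}
```

Call `check_connection(issuer, client_id, client_secret)` with the values from your app integration; read the secret from an environment variable or a secrets store rather than hard-coding it.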

If you use the Okta template, all required mapping fields are already pre-configured.

{% hint style="info" %}
If you are not sure whether every person will have all required fields filled, please define default values in the Shopware SSO mapping configuration.
{% endhint %}

### Add/edit user in Okta directory

To enable your Okta directory users to sign in to the Shopware storefront, you need to add them to your directory.

1. At **Directory -> People** you'll find a list of all your current directory users. With the **Add person** button you can add more users to the directory. So first of all: create all users you'll need for the Shopware storefront login via Okta.
2. Choose the app integration at **Applications -> Applications** which you have [created in your Okta account](#create-an-okta-account-and-configure-credentials).
3. Switch to the **Assignments** tab. Here you can find all users who are currently assigned to the app integration. By clicking **Assign -> Assign to people** you can add more users.\
   By clicking the pencil in the person list, you can edit a user.\
   ![](/files/fDb3CsVOHYKh7VLoqPTw)
4. Please ensure that every person has all fields filled that are required for Shopware. Required fields are:\
   \- Username\
   \- Name\
   \- Given Name\
   \- Family Name\
   \- Email\
   \- Street Address\
   \- Postal Code\
   \- Country\
   After entering all information, click the **Save** button.

{% hint style="info" %}
Depending on your Shopware configuration, the required fields can differ. For example, the **Phone number** could be a required field too.
{% endhint %}


