# Implementing Okta for SSO in Teleskope

## Setup

Before you can implement authorization, you need to register the Teleskope application in Okta by creating an app integration from the **Admin Console**.

1. Open the **Admin Console** for your org.
2. Choose **Applications** to view the current app integrations.
3. Click **Create App Integration**.
4. Select **OIDC - OpenID Connect** as the **Sign-in method**.
5. Select **Web Application** as the **Application type**, then click Next.
6. Enter **Teleskope** for the **App integration name**.
7. In the **Sign-in redirect URIs** box, enter the callback location where Okta returns the browser. Example: **<https://api.mission-control.\\><DOMAIN>/auth/okta/callback**.
   1. **\<DOMAIN>** is typically **CompanyName.teleskope.ai**
   2. Optionally:
      1. Set the **Sign-out redirect URIs** to your Teleskope Dashboard URI.\
         Example: **<https://observatory.\\><DOMAIN>**
      2. Change **Login initiated by** to "Either App or Okta" and check **Display application icon to users** to populate an Okta tile
      3. Set **Initiate login URI** to **<https://api.mission-control.\\><DOMAIN>/login?authType=okta**
8. Fill in the remaining details for your app integration, then click Save.
9. From the **General tab** of your app integration, gather your **Client ID** and **Client secret**
10. Click on your email in the top right of the UI, and copy your **Issuer** value.
    1. The Issuer is typically **CompanyName.okta.com/oauth2**
11. Provide these credentials to your Teleskope Representative

## Provisioning

Teleskope supports JIT provisioning by default, so be cognizant of what users and groups are assigned to the Teleskope-Okta App.