> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cora.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Enable Okta Workforce SSO for single sign-on to Cora

> Configure Okta as your identity provider so employees can sign in to Cora.ai with their corporate credentials using OpenID Connect.

The Okta Workforce integration enables Single Sign-On (SSO) for your organization's employees accessing Cora.ai. Once configured, employees authenticate using their existing corporate credentials through Okta — no separate Cora.ai password required. Setup involves creating an OIDC app in Okta and sharing the credentials securely with the Cora.ai team, who complete the backend configuration.

| Detail           | Value                                     |
| ---------------- | ----------------------------------------- |
| Integration type | OpenID Connect (OIDC), Organization-Level |
| Setup time       | 10–15 minutes                             |
| Required role    | Okta Administrator                        |

## Prerequisites

* An active Okta Workforce Identity subscription
* Administrator access in your Okta organization
* Your organization's email domain(s) (e.g., `yourcompany.com`)

## How authentication works

Once the integration is active, Cora.ai automatically routes your employees to Okta based on their email domain:

1. The employee enters their work email (e.g., `john@yourcompany.com`).
2. Cora.ai detects the domain and routes the login request to Okta.
3. The employee authenticates via Okta, including MFA if configured.
4. Upon successful authentication, the employee is logged into Cora.ai.

## Benefits

* **Seamless user experience** — Employees use their existing corporate credentials.
* **Centralized access control** — Manage Cora.ai access through Okta policies and groups.
* **Enhanced security** — Leverage Okta's MFA and adaptive authentication.
* **Zero code changes** — The integration is transparent to end users.
* **Audit & compliance** — All authentication events are captured in Okta's centralized audit logs.

## Setup

<Steps>
  <Step title="Create an Okta OIDC app integration">
    For full details on creating OIDC app integrations, see [Create OIDC app integrations](https://help.okta.com/en-us/Content/Topics/Apps/Apps_App_Integration_Wizard_OIDC.htm) in the Okta Help Center.

    **Create the app:**

    1. Log into the Okta Admin Console as an **Administrator**.
    2. Navigate to **Applications** → **Applications**.
    3. Click **Create App Integration**.
    4. Set **Sign-in method** to **OIDC - OpenID Connect**.
    5. Set **Application type** to **Web Application**.
    6. Click **Next**.

    **Configure application settings:**

    | Setting                | Value                                    |
    | ---------------------- | ---------------------------------------- |
    | App integration name   | `Cora.ai` (or your preferred name)       |
    | Grant type             | Authorization Code (selected by default) |
    | Sign-in redirect URIs  | `https://auth.cora.ai/login/callback`    |
    | Sign-out redirect URIs | Leave blank (optional)                   |
    | Trusted Origins        | `https://cora.ai/`                       |

    Under **Assignments**, choose who can access the application. Start with specific groups for pilot testing before rolling out organization-wide.

    Click **Save**.

    **Save your credentials:**

    After saving, open the application details page and copy the following values — you'll need them in Step 2:

    * **Okta Domain** — Your organization's Okta domain (e.g., `yourcompany.okta.com`)
    * **Client ID** — Copy this value from the app details page
    * **Client Secret** — Click **Show**, then copy the value
  </Step>

  <Step title="Share credentials securely with Cora.ai">
    Once you've created the Okta application, send the credentials to Cora.ai so the team can complete the backend configuration.

    **Required information:**

    | Field               | Description                                                                         |
    | ------------------- | ----------------------------------------------------------------------------------- |
    | **Okta Domain**     | Your organization's Okta domain (e.g., `yourcompany.okta.com`)                      |
    | **Client ID**       | Unique identifier for the Okta app you created in Step 1                            |
    | **Client Secret**   | Authentication secret for the Okta app from Step 1                                  |
    | **Email Domain(s)** | Your organization's email domain(s) for automatic routing (e.g., `yourcompany.com`) |

    <Warning>
      Never share your Client ID or Client Secret over unencrypted channels such as plain email or chat. Use one of the secure methods below.
    </Warning>

    **Recommended: share via Bitwarden Send**

    Bitwarden Send is a secure one-time sharing tool — no Bitwarden account is required to use it.

    1. Go to [bitwarden.com/products/send](https://bitwarden.com/products/send/).
    2. In the **Text** tab, paste the following, filling in your values:
       ```
       Okta Domain: [your-org].okta.com
       Client ID: [your-client-id]
       Client Secret: [your-client-secret]
       Email Domain(s): yourcompany.com, subsidiary.com
       ```
    3. Click **Create Send**.
    4. Click **Copy Link**.
    5. Send the link to your Cora.ai contact via email or Slack.

    **Alternative sharing methods:**

    If you prefer not to use Bitwarden Send, you can also:

    * Share via your organization's secure file-sharing platform
    * Send via encrypted email
    * Share during a scheduled call with screen sharing

    **What happens next:**

    1. The Cora.ai team receives your credentials securely.
    2. The backend integration is configured — typically within 1 business day.
    3. You'll receive a notification when the integration is ready for testing.
    4. Test the integration with your pilot users before rolling it out organization-wide.
  </Step>
</Steps>
