# Okta Single Sign-On

## Overview

Herd integrates directly with Okta Single-Sign-On in all editions of the product, helping Okta specific organizations onboard quickly. 

*<mark style="color:$info;">The Herd application is not directly available on the Okta marketplace. You'll need to follow a custom app integration once inside your Okta SSO admin console.</mark>*&#x20;

## Prerequisites

* An active Okta SSO account
* Admin level credentials within the Okta SSO admin console&#x20;
* Check that you have not reached your Okta app limit. *<mark style="color:$warning;">In some Okta plans, there is a cap to how many applications you can setup via SSO. Professional & Enterprise edition typically have an unlimited amount.</mark>*&#x20;
* As of August 2025: <mark style="color:orange;">It's recommended that you do this live with a Herd representative as it requires a manual change on the backend by one of our engineers.</mark>&#x20;

## Add Application To Okta SSO (Open ID Connect)

1. In your Okta dashboard, go to **Applications** and click **Create App Integration**.

<figure><img src="https://2286452423-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrNdsHrfHsFuaMzCbOD5q%2Fuploads%2FPqvXmYHYLuxMA53me1NG%2FScreenshot%202025-08-20%20at%2017.12.31.png?alt=media&#x26;token=00965977-8adf-4b40-bfd6-7f95ac69b8ff" alt=""><figcaption></figcaption></figure>

2. Select **OIDC - OpenID Connect** as the sign-in method.

<figure><img src="https://2286452423-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrNdsHrfHsFuaMzCbOD5q%2Fuploads%2FQhQcbYTkipq7Z9kBnlyN%2FScreenshot%202025-08-20%20at%2017.06.15.png?alt=media&#x26;token=40c5853e-9c10-42d8-9e27-c8da318a198c" alt=""><figcaption></figcaption></figure>

3. Choose **Web Application** as the application type.

<figure><img src="https://2286452423-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrNdsHrfHsFuaMzCbOD5q%2Fuploads%2Fypjjwwsd6JKUbtkFDqTd%2FScreenshot%202025-08-20%20at%2017.06.24.png?alt=media&#x26;token=4e2781fe-5953-49b5-919a-de35d3bcfade" alt=""><figcaption></figcaption></figure>

4. Name the app something like **"Herd" or "Herd Security"** so it’s easy to identify later.

<figure><img src="https://2286452423-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrNdsHrfHsFuaMzCbOD5q%2Fuploads%2FyUR4kxUFQrxaFnyoR2nq%2FScreenshot%202025-08-20%20at%2017.13.57.png?alt=media&#x26;token=6f382579-0167-4679-86da-091136457441" alt=""><figcaption></figcaption></figure>

5. Select users or groups that will have access to the application. Note that this is ONLY for users that will have access to the Herd admin console. General users should not be provided access.&#x20;

<figure><img src="https://2286452423-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrNdsHrfHsFuaMzCbOD5q%2Fuploads%2Fyy14ML3nqIUIkdtt8r4Y%2FScreenshot%202025-08-20%20at%2017.15.32.png?alt=media&#x26;token=c22e3bed-bdb1-49fe-8b5d-00853fc0b3d8" alt=""><figcaption></figcaption></figure>

6. Hit **Save** when done

### Client ID and Client Secret

Once the app integration is created in Okta, you'll need to share the **Client ID** and **Client Secret** with the Herd team. These fields should be automatically generated in the **Client Credentials** section.&#x20;

Securely share this information with the Herd team either live on the call or with a password vault access.&#x20;

<figure><img src="https://2286452423-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrNdsHrfHsFuaMzCbOD5q%2Fuploads%2FQW2eVoqAO36ZbrmGvxMm%2FScreenshot%202025-08-20%20at%2017.19.10.png?alt=media&#x26;token=063f0a88-7ed4-4b6c-853e-e0d0efe6172e" alt=""><figcaption></figcaption></figure>

### Sign-In Redirect Setup

1. Once you get the confirmation from the Herd team, you'll need to add the Sign-In Redirect URLs to finish the integration. Scroll down the page to **General Settings** and select **Edit.**&#x20;

<figure><img src="https://2286452423-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrNdsHrfHsFuaMzCbOD5q%2Fuploads%2FgydsDP4Sj9tJvcYRiyqD%2FScreenshot%202025-08-20%20at%2017.24.10.png?alt=media&#x26;token=1c93b006-a242-4665-94ee-98cd59fc452f" alt=""><figcaption></figcaption></figure>

2. Scroll down to the **Login** section&#x20;
3. Change the Sign-In Redirect URI to your organization's login URL it should be similar to: \ <mark style="color:$info;">`https://ORGANIZATIONID.auth.us-west-2.amazoncognito.com/oauth2/idpresponse`</mark>
   1. \*Replace the `ORGANIZATIONID` with the one provided by Herd.
4. Set the **Sign-Out Redirect URI** to `https://app.herdsecurity.io`
5. The final settings should look similar to the screen below

<figure><img src="https://2286452423-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrNdsHrfHsFuaMzCbOD5q%2Fuploads%2FTG7PnVnx6UjiBY3WqbVx%2FScreenshot%202025-08-20%20at%2017.30.19.png?alt=media&#x26;token=5ef5bf41-db67-497b-8f41-814eb78efa39" alt=""><figcaption></figcaption></figure>

### Set Application Image&#x20;

1. Scroll to the top of your application settings.&#x20;
2. Select the pencil button next to the gear icon.
3. Save the image below.

<figure><img src="https://2286452423-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrNdsHrfHsFuaMzCbOD5q%2Fuploads%2Fvjx4d80DKVBb3T0OV0yL%2FHigh-Rez%20Logo.png?alt=media&#x26;token=98376ff8-288e-4861-bb67-83afc024043a" alt="" width="188"><figcaption></figcaption></figure>

4. Place it into Okta.&#x20;
5. The login will now show the picture when look at the Okta App SSO view.&#x20;