Okta - OIDC Tutorial
- Log in to the Knock Admin Dashboard as an admin: https://dashboard.knock-ai.com/settings/administration/security/sso-provider
- In a new tab, open the Okta Admin Console (admin account required).
- In Okta, go to Security → API and copy the Issuer URI from the relevant Authorization Server.
- Go to Applications → Applications and click Create App Integration.
- Select OIDC - OpenID Connect, then Web Application, and click Next.
Create the Okta OIDC app (Okta)
- In General Settings:
- App name: Knock AI
- Upload the Knock AI logo (download it from the Knock SSO setup page).
- Under Sign-in redirect URIs, paste the redirect URL from the Knock SSO setup page.
- Under Trusted Origins, add https://api.knock-ai.com.
- Under Assignments, choose which users/groups should have access, then click Save.
- Make sure Scopes include at least email and openid.
Copy Okta credentials into Knock (Knock)
- In Okta, copy the Client ID and Client Secret.
- On the Knock SSO setup page, select Okta OIDC from the providers list, paste the Client ID and Client Secret, then click Next.
- Under Map claims & Roles, keep email, then click Next.
Finish + test (Okta + Knock)
- In Knock, choose whether SSO is Required or Optional, then click Test Connection.
- Once the test succeeds, Activate the SSO integration.
✅ Done — Okta OIDC is now connected. Users can sign in using SSO (and email sign-in if you set SSO to Optional).