Okta
Let your team sign in with their Okta accounts.
Your redirect URI
Okta will ask for a sign-in redirect URI. Use your hub’s URL with this exact path:
https://your-hub-url/api/auth/okta/callbackSetup
Create an app integration
In your Okta admin panel, go to Applications → Applications and click Create App Integration. Choose OIDC - OpenID Connect and Web Application.
Set the redirect URI
Add https://your-hub-url/api/auth/okta/callback as a sign-in redirect URI, then click Save.
Grab your credentials
Copy the Client ID and Client Secret.
Add everything to Perch
Open the Okta card in Perch (Admin → Auth), paste in the Client ID and Secret, fill in the Base URL (see below), and enable it.
Base URL is just the domain
For the Base URL field, enter your Okta org domain without the https:// prefix, like yourcompany.okta.com. Perch adds the scheme and the /oauth2/default/... path itself, so including https:// would break the URLs. Perch uses Okta’s built-in default authorization server.
Assigning users
In Okta, make sure the users or groups that should have access have this application assigned to them. Anyone not assigned to the app can’t sign in, even with a perfectly valid Okta account.