# Okta Workforce

## In Okta Admin: Create an Okta OIDC Application

An administrator for your company's Okta Workforce needs to log in to the Admin portal and follow the steps below to create an OIDC Application.

Select `Applications` > `Applications`, then click `Create App Integration`.

<figure><img src="https://810756845-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lry9Z27iWOZyQEGAgY7%2Fuploads%2FFZabyc0mXDXMvIe4rJrJ%2FScreenshot%202023-01-18%20at%204.00.32%20PM.png?alt=media&#x26;token=29f0467a-9ccf-48d2-aec5-ad8f24e3884e" alt=""><figcaption></figcaption></figure>

Select `Create New App`

Choose `OIDC` as the Sign-in method. Choose `Web Application` as your Application Type.

<figure><img src="https://810756845-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lry9Z27iWOZyQEGAgY7%2Fuploads%2FqvYjqcLH04fY1oksa04V%2FScreenshot%202023-01-18%20at%204.01.52%20PM.png?alt=media&#x26;token=28e12344-5460-49b2-a704-8b92f566e8f9" alt=""><figcaption></figcaption></figure>

Click the `Next` button

Enter "Pushly" for the App integration name.

Under `Sign-in redirect URIs` enter the following value:

```
https://identity.pushly.com/login/callback
```

Under `Sign-out redirect URIs` enter the following value:

```
https://identity.pushly.com
```

If you are asked for an `Initiate Login URI` you may enter the following value:

```
https://platform.pushly.com
```

For `Controlled access` choose the appropriate option for your organization. Note that the users will still need to be created via the Pushly platform before they are able to log in even if you choose to allow everyone in your organization access via this application.

<figure><img src="https://810756845-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lry9Z27iWOZyQEGAgY7%2Fuploads%2FrA3DNUvzIpfL45Ehi5yr%2FScreenshot%202023-01-24%20at%202.27.54%20PM.png?alt=media&#x26;token=6c3d77c0-2b89-40a6-bfb7-b83ba7e3b0cd" alt=""><figcaption></figcaption></figure>

Click the `Save` button

On the next page, copy both the `Client ID` and the `Client Secret`. The user creating the integration in the Pushly platform will need both of these values.

<figure><img src="https://810756845-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lry9Z27iWOZyQEGAgY7%2Fuploads%2FiaRDsEnnKxomU5jaRlFE%2FScreenshot%202023-01-18%20at%204.08.25%20PM.png?alt=media&#x26;token=1873fbef-1418-4121-be0d-1192577a4cea" alt=""><figcaption></figcaption></figure>

In addition to the `Client ID` and `Client Secret` you will also need to provide the `Okta Domain`. The Okta Domain is located in the top right of the Admin console or you can follow [these instructions](https://developer.okta.com/docs/guides/find-your-domain/main/) to retrieve the Okta domain.

## Pushly: Create the Okta Identity Provider

Now that you have your `Okta Domain`, `Client ID`, and `Client Secret` you can log into the platform and [navigate to your Organization Settings](https://documentation.pushly.com/platform/organizations/..#accessing-organization-context) page.

Next, click the `Security` tab, and click the `Add Provider` button.

Choose `Okta Workforce` from the `Provider Type` dropdown.

The `Okta` domain should be entered including the `.okta.com` portion. For example: `yourdomain.okta.com`

Fill in the `Client ID` and `Client Secret` that were generated in the first step of this documentation.

Within the `Associated Domains` text area, enter each domain name that your organization will be using to log in via Okta, one per line. For example, if your email address is `example@yourdomain.com` then you would enter `yourdomain.com`

<figure><img src="https://810756845-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lry9Z27iWOZyQEGAgY7%2Fuploads%2F7OoonmHoKaUPjyeRQHb1%2FScreenshot%202023-06-09%20at%202.11.32%20PM.png?alt=media&#x26;token=145aa769-d922-4b2b-baf4-c42dad69626b" alt=""><figcaption></figcaption></figure>

Once the provider has been successfully created you can begin [inviting users](https://documentation.pushly.com/user-management#creating-a-user) to the platform. Any invited user whose email address matches one of the domains provided in `Email Domains` will be sent through Okta for authentication.
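
The following added example (not Pushly's or Okta's code) is a pre-flight check for the values entered in the provider form: it normalizes the Okta domain, parses the `Associated Domains` text area, and shows which email addresses would match an entry. The function names and the exact, case-insensitive domain match are assumptions; this page does not describe how Pushly compares domains.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def _is_hostname(value):
    labels = value.split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)

def check_okta_domain(value):
    """Return the bare domain (e.g. 'yourdomain.okta.com') or raise ValueError."""
    v = value.strip().lower()
    if "://" in v or "/" in v:
        raise ValueError("enter the host only, without scheme or path")
    # The page asks for the form 'yourdomain.okta.com'.
    if not v.endswith(".okta.com") or not _is_hostname(v):
        raise ValueError("domain must include the .okta.com portion")
    # Okta's find-your-domain guide: the '-admin' console host is not the org domain.
    if v.split(".")[0].endswith("-admin"):
        raise ValueError("remove '-admin' from the domain")
    return v

def parse_associated_domains(text):
    """Parse the text area, one domain per line. Returns (domains, problems)."""
    domains, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip().lower()
        if not entry:
            continue
        # Full addresses, URLs and wildcards are not domain names.
        if not _is_hostname(entry):
            problems.append((lineno, raw.strip()))
        elif entry not in domains:
            domains.append(entry)
    return domains, problems

def routed_to_okta(email, domains):
    """Assumed rule: exact, case-insensitive match on the part after the last '@'."""
    local, sep, domain = email.strip().rpartition("@")
    return bool(local and sep) and domain.lower() in domains

if __name__ == "__main__":
    # Constructed sample input for the Associated Domains text area.
    sample = "yourdomain.com\nexample@yourdomain.com\n\nYourDomain.com\n"
    print(check_okta_domain(" YourDomain.okta.com "))
    print(parse_associated_domains(sample))
```

Under the assumed exact-match rule, a subdomain such as `sub.yourdomain.com` is not covered by `yourdomain.com` and would need its own line.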
