Okta SSO integration

Connect your Alpacon workspace to Okta using the Okta Integration Network (OIN). The Alpacon OIN app uses OpenID Connect (OIDC) with Express Configuration, so a single click sets up the connection, with nothing to configure by hand.

Once connected, your team signs in to Alpacon with their Okta credentials, and you manage who has access to Alpacon directly from Okta.

Prerequisites

Before you begin, make sure you have:

  • An Alpacon workspace on the Enterprise plan
  • The superuser role in your Alpacon workspace
  • Administrator access to your Okta org

Supported features

The Alpacon Okta integration supports the following features:

  • SP-initiated SSO: start sign-in from Alpacon
  • IdP-initiated SSO: start sign-in from the Alpacon tile on your Okta dashboard
  • Just-In-Time (JIT) provisioning: new users are created in Alpacon on first sign-in

For definitions of these terms, see the Okta glossary.

Configuration steps

Step 1: Add Alpacon from the OIN catalog

  1. Sign in to your Okta Admin Console.
  2. Go to ApplicationsBrowse App Catalog.
  3. Search for Alpacon and open the integration.
  4. Click Add Integration.

Step 2: Run Express Configuration

Alpacon uses Express Configuration to set up the OIDC connection automatically.

  1. On the Alpacon app page in Okta, click Express Configuration.
  2. Enter the Alpacon workspace you want to connect.
  3. Sign in to that workspace as a superuser to approve the connection.

The connection is set up automatically, with nothing to copy or paste by hand. Okta also links the dashboard tile to your workspace, so users sign in to the correct workspace from the start.

Step 3: Assign users

  1. Open the Alpacon application in Okta.
  2. Go to AssignmentsAssignAssign to People or Assign to Groups.
  3. Select the users or groups that need access to Alpacon.
  4. Click Done.

Assigned users can now sign in to Alpacon with Okta. New users are created in your Alpacon workspace automatically the first time they sign in.

SP-initiated SSO

To start sign-in from Alpacon:

  1. Go to alpacon.io.
  2. On the sign-in screen, click Continue with Okta.
  3. You’re redirected to Okta to authenticate.
  4. After authenticating, you’re returned to your Alpacon workspace, signed in.

To start sign-in from Okta (IdP-initiated), click the Alpacon tile on your Okta dashboard.

Troubleshooting

  • No Alpacon tile after assignment: confirm the user, or a group they belong to, is assigned to the Alpacon app in Okta.
  • “Continue with Okta” is missing on the sign-in screen: the connection may still be finishing setup. Wait a moment and reload, or re-run Express Configuration.
  • Wrong workspace after sign-in: make sure you used the Alpacon tile set up by Express Configuration.

If the problem persists, contact Alpacon Support.

Need help?

Last updated: