> ## Documentation Index
> Fetch the complete documentation index at: https://docs.corsa.finance/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta SSO Integration for Corsa Users

> Configure Okta as an OIDC identity provider so your team can sign in to Corsa with your existing workspace identities.

The Okta integration lets your team sign in to the Corsa application with the identities you already manage in your Okta workspace. You create an OIDC Web Application in Okta, add Corsa as a trusted origin, and send Corsa the resulting client credentials. Corsa completes the federation on its side.

## Prerequisites

* A Super Admin or Org Admin role in your Okta workspace. Trusted Origins fall under "Edit Okta Settings", which only those roles can change.
* The Corsa region your workspace runs in (US or EU). Redirect and trusted-origin values differ per region.

## Setting up the integration

### Step 1: Create an OIDC Web Application

1. Sign in to the Okta Admin Console.
2. Go to **Applications → Applications**.
3. Click **Create App Integration**.
4. Choose:
   * **Sign-in method:** OIDC - OpenID Connect
   * **Application type:** Web Application
5. Click **Next**.

### Step 2: Configure the application

On the **New Web App Integration** screen:

* **App integration name:** any descriptive name (for example, `Corsa`).

* **Grant type:** keep the default **Authorization Code**.

* **Sign-in redirect URIs:** add the Corsa callback URL for your region.

  **US workspace:**

  ```
  https://tweed-compliance.us.auth0.com/login/callback
  ```

  **EU workspace:**

  ```
  https://tweed-compliance.eu.auth0.com/login/callback
  ```

  <Note>These callback URLs use the `tweed-compliance` domain — this is Corsa's Auth0 tenant. Enter the URL exactly as shown.</Note>

* **Sign-out redirect URIs:** leave empty unless your org requires one.

* **Assignments → Controlled access:** choose who should be able to sign in to Corsa through Okta (typically a specific group, or everyone in your org).

Click **Save**.

### Step 3: Add Corsa as a Trusted Origin

Trusted Origins are configured separately from the app, under Security.

1. In the Admin Console, go to **Security → API**.
2. Open the **Trusted Origins** tab.
3. Click **Add Origin**.
4. Enter:
   * **Name:** `Corsa`.
   * **Origin URL:** the Corsa app URL for your region, including the `https://` scheme:
     * US workspace: `https://app.corsa.finance`
     * EU workspace: `https://app.eu.corsa.finance`
   * **Type:** select both **CORS** and **Redirect**.
5. Click **Save**.

### Step 4: Share your credentials with Corsa

From the application's **General** tab, copy the values under **Client Credentials** and send them to the Corsa team along with your Okta domain:

* **Client ID**
* **Client Secret**
* **Okta domain** (for example, `your-org.okta.com`)

Send these over a secure channel — the client secret grants the same access as a password.

Corsa will complete the federation on its side and confirm once your users can sign in through Okta.

## Support

If you run into issues during setup, contact [support@corsa.finance](mailto:support@corsa.finance) with your Okta domain and the region of your Corsa workspace.
