Okta Configuration
Business & Enterprise only
Note that our Okta integration is limited to the Business and Enterprise product plans. See our pricing page for more information.
Background
Twingate integrates with Okta in order to both synchronize user accounts and delegate user authentication to Okta. Only users that are assigned to the Okta Twingate application will be able to use Twingate and access private resources.
Twingate delegates the following functions to Okta via the Okta Twingate application:
- User authentication via OpenID Connect
- User and group synchronization via SCIM
When activating your Twingate account with Okta, you will need to set up an Authentication Policy with the credentials from the Okta Twingate application. Through this Okta Twingate application, you can configure which Okta sign-in policies apply to users of the Twingate client application.
Social Logins Deletion
When activating any of the enterprise identity provider options, all users signing in via social logins will be deleted. The option to invite individual users through a social login will also be removed. You can contact Twingate support if you would like to re-activate this feature in the future.
Steps to configure the Okta Twingate integration
- Create and configure the Twingate application in the Okta Admin console
- Complete and validate the integration configuration in the Twingate Admin console
Supported Features
Currently we support Service Provider Initiated (SP-Initiated) SSO via OpenID Connect (OIDC), and SCIM for user and group sync.
Requirements
Okta OIDC integration is supported for Twingate customers on the Business and Enterprise plans.
Okta Integration Without Lifecycle Management Module
The Okta Lifecycle Management module is required to utilize direct SCIM User/Group syncing from Okta to Twingate.
If you do not have the Lifecycle Management Module, some additional steps are required. Once you’ve connected Okta to Twingate per the steps below, you will define the users that have access to Twingate within Okta. Users will only be visible in the Twingate Admin panel once they have logged into the Twingate Client and have authenticated against Okta. Users may then be manually added to groups as needed.
Setting up the Okta Twingate application
The first step is to activate the Twingate integration in Okta. See the steps below to complete this configuration.
→ Configure the Twingate Okta Application
Configuring SCIM for User & Group synchronization
Twingate uses the SCIM protocol to synchronize Okta users & groups. This synchronization must be configured separately in Okta following the steps below.
→ Configure SCIM synchronization