Twingate integrates with Okta in order to both synchronize user accounts and delegate user authentication to Okta. Only users that are assigned to the Okta Twingate application will be able to use Twingate and access private resources.
Twingate delegates the following functions to Okta via the Okta Twingate application:
- User authentication via OpenID Connect
- User and group synchronization via SCIM
When activating your Twingate account with Okta, you will need to set up an Authentication Policy with the credentials from the Okta Twingate application. You can configure what Okta sign in policies apply to users of the Twingate client application via this Okta Twingate application.
- Create and configure the Twingate application in the Okta Admin console
- Complete and validate the integration configuration in the Twingate Admin console
Currently we support Service Provider Initiated (SP-Initiated) SSO via OpenID Connect (OIDC), and SCIM for user and group sync.
Okta OIDC integration is supported for Twingate customers on the Business and Enterprise tiers.
Okta Integration Without Lifecycle Management Module
The Okta Lifecycle Management module is required to utilize direct SCIM User/Group syncing from Okta to Twingate.
If you do not have the Lifecycle Management Module, some additional steps are required. Once you’ve connected Okta to Twingate per the steps below, you will define the users that have access to Twingate within Okta. Users will only be visible in the Twingate Admin panel once they have logged into the Twingate Client and have authenticated against Okta. Users may then be manually added to groups as needed.
The first step is to activate the Twingate integration in Okta. See the steps below to complete this configuration.
-> Configure the Twingate Okta Application
Twingate uses the SCIM protocol to synchronize Okta users & groups. This synchronization must be configured separately in Okta following the steps below.
-> Configure SCIM synchronization
Last updated 2 minutes ago