> ## Documentation Index > Fetch the complete documentation index at: https://docs.prelude.so/llms.txt > Use this file to discover all available pages before exploring further. # Okta > Configure Okta OAuth for your Session application. This guide walks you through configuring Okta as a social login provider for your application. ## Prerequisites * An [Okta](https://www.okta.com/) account with admin access * Your Okta **Client ID**, **Client Secret**, and **Issuer URL** ## Configure Okta OAuth 1. Log in to the [Okta Admin Console](https://login.okta.com/) 2. Navigate to **Applications** > **Applications** 3. Click **Create App Integration** 4. Select **OIDC - OpenID Connect** as the sign-in method 5. Select **Web Application** as the application type 6. Click **Next** 7. Enter a name (e.g. "Prelude Session") 8. Under **Sign-in redirect URIs**, replace the default value with: ``` https://${YOUR_CUSTOM_DOMAIN}/v1/session/login/oauth/okta/callback ``` Replace `${YOUR_CUSTOM_DOMAIN}` with your [custom domain](/session/documentation/domain-names) (e.g. `session.yourapp.com`). 9. Click **Save** 10. Copy the **Client ID** and **Client Secret** from the application settings page The redirect URI must match exactly. Make sure there is no trailing slash and that you are using `https`. Your Issuer URL is found in **Security** > **API** > **Authorization Servers** in the Okta Admin Console (e.g. `https://dev-123456.okta.com/oauth2/default`). You will need it in the next step. ```bash theme={null} curl -X POST https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/oauth/okta \ -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" \ -H "Content-Type: application/json" \ -d '{ "client_id": "your-okta-client-id", "client_secret": "your-okta-client-secret", "enabled": true, "options": { "use_email_as_identifier": true, "allow_email_account_merge": true }, "okta": { "issuer_url": "https://dev-123456.okta.com/oauth2/default" } }' ``` | Field | Description | | ----------------------------------- | ----------------------------------------------------------------------------------------------------------- | | `client_id` | Your Okta OAuth client ID. | | `client_secret` | Your Okta OAuth client secret. | | `enabled` | Set to `true` to enable Okta login. | | `okta.issuer_url` | Your Okta authorization server Issuer URL (e.g. `https://dev-123456.okta.com/oauth2/default`). | | `options.use_email_as_identifier` | When `true`, the user's Okta email is stored as an email identifier. | | `options.allow_email_account_merge` | When `true`, if a user with the same email already exists, the Okta account is linked to the existing user. | ## Update the configuration To update an existing Okta OAuth configuration: ```bash theme={null} curl -X PUT https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/oauth/okta \ -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" \ -H "Content-Type: application/json" \ -d '{ "client_id": "your-new-okta-client-id", "client_secret": "your-new-okta-client-secret", "enabled": true, "options": { "use_email_as_identifier": true, "allow_email_account_merge": true }, "okta": { "issuer_url": "https://dev-123456.okta.com/oauth2/default" } }' ``` ## Delete the configuration To remove Okta OAuth from your application: ```bash theme={null} curl -X DELETE https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/oauth/okta \ -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" ``` ## What's next? Now that Okta OAuth is configured on your backend, integrate the frontend using the [Web Integration](/session/documentation/frontend-sdks/web/social-login) guide.