# Okta > **BETA** Configuring Okta for your Organizational Unit gives your users the ability to sign in to their accounts using Okta as an SSO provider. > **WARNING:** Before you start, please make sure that you are configuring Okta for just one Organizational Unit, as conflicts in the SSO may arise. For instance, if you're in both a Production and a Test OU, opt for setting Okta up in Production; this will still provide access to Test for users in both OUs. ## Configuring Okta for your Cronofy Organizational Unit - In Cronofy, select your Organizational Unit Settings, choose the *Integrations* tab, then select Set Up New Integration. - Select Okta from the list. ![](/images/okta-set-up-new-config.808ccd04965edf70ee5f60cfa25a74f9fd13f1440e5499db031ec93b4defd4a0.png)
    - We provide the **Sign-in redirect URI** and **Initiate login URL** here which you will need in the following steps. ## Creating a new Okta app integration In your Okta account, create a new app integration with the following settings: ![](/integrations/okta/okta-create-new-app.66906db7e4464e52bf76e12260303b3d21987709697a72038b1182f2b98dc1a4.png) Click next, then configure the **Sign-in redirect URI** using the value from the previous step. Choose **Skip group assignment for now**, then click **Save**. ![](/integrations/okta/okta-general-settings.93e9caf51acea486f4f7d9b0cae97da9c2fd4608b21691ef7efd1396ad3e1a60.png) Now that your new app has been created, click **Edit** next to the **General Settings** section. We recommend setting **Login initiated by** to **Either Okta or App** and ticking **Display application icon to users** under **Application visibility** in order to ensure your Cronofy app integration is visible to users on their Okta home page. Use the **Initiate login URL** from the previous section to populate that field of the **Login** section. These settings should look something like this: ![](/integrations/okta/okta-application-visibility.71e1a4ad601e509705f8aab35c7890631bb0dc8ddb5250e9df764966f383f906.png) In the **Sign On** tab of your Okta app, change the **Issuer** option of the **OpenID Connect ID Token** settings to **Okta URL**. Make a note of this value as it will be needed in the following steps, referred to as **Issuer URL**. ![](/integrations/okta/okta-issuer-url.0694e7d63c34002cac573c302fab04816b999f0cb5310acd08b24d193ea2d970.png) Next, copy the **Client ID** and **Client Secret** under the **General** tab of your Okta app. ![](/integrations/okta/okta-credentials.42a938fe00df777c66bb767de9bd1a68adc2311a4a5778e51fdbb234b0c70a69.png) ## Back to your Cronofy Organizational Unit Set **Client ID**, **Client Secret** and **Issuer URL** in your Organizational Unit integration configuration. Finally, set **Sign-in domains** with one or more domains from the email addresses that your users will be using to sign in, and click **Save**. > **WARNING:** Sign-in domains must be pre-approved by one of our support team, else they will be rejected. ![](/integrations/okta/okta-integration-set-values.5e53125fd8f4180f310bb5e8a2c72d7eecdc2de4908175ce5ae36546e1d9c5ef.png) ## Finished Okta is now configured in Cronofy. Your users will need to be assigned to the Cronofy app integration in Okta in order to successfully log in, as well as having accounts in Cronofy provisioned with an email address matching their Okta profile. Users will also need to be part of the Organizational Unit the integration has been configured for. The assumption is that Okta will be your user's only Single Sign On provider, and so you will most likely need to provision your user's accounts via Enterprise Connect, as they won't be able to accept Organizational Unit invitations/sign up for the Scheduler in the traditional way, see the [this documentation](/scheduler/enterprise-onboarding/index.md) on Scheduler Onboarding. Help your users identify the Cronofy app integration by using this compatible logo below (use right click 'Save Image As...'): ![](/integrations/okta/okta-app-cronofy-logo.607eecc43cd549af6832818f96d817ba7a40342633967d3875dbbd8d81b3f481.png) Then edit the logo in Okta here: ![](/integrations/okta/okta-update-logo.8743c5b939bfd329929dac09d265184c4d2c4136e5dd3989271517ef62f155d9.png) --- [Read in HTML](/integrations/okta/)