Twingate integrates with Okta in order to both synchronize user accounts and delegate user authentication to Okta. Only users that are active in Okta will be able to use Twingate and access private resources.

Twingate delegates user authentication to Okta based on the Okta application(s) that you link to Twingate. When activating your Twingate account with Okta, you will need to set up an Access Policy. The Client Access Policy determines what default authentication policy applies to users of the Twingate client application. This always applies to users connecting to Twingate.

Follow the steps below to configure Access Policies in the Okta Admin UI.

Creating a Client Access Policy

The Client Access Policy is the Okta policy that is used to authenticate users when they connect to Twingate via the desktop or mobile app.

To create a Client Access Policy, follow the steps detailed in Okta Access Policies to create a new application in Okta. This application will be linked to Twingate by reference to its client ID and secret.

• We suggest calling this policy "Twingate Users" or similar, for clarity.

Creating additional Access Policies

You can create additional Access Policies in Okta in order to apply different authentication policies to different Roles in Twingate. This allows you to set policies that match the level of security required by different groups.

To create additional policies, follow the steps detailed in Okta Access Policies to create a new application in Okta. You can then link this application to a new Access Policy in the Twingate admin console.