Background

Twingate integrates with Okta in order to both synchronize user accounts and delegate user authentication to Okta. Only users that are assigned to the Okta Twingate application will be able to use Twingate and access private resources.

Twingate delegates the following functions to Okta via the Okta Twingate application:

User authentication via OpenID Connect
User and group synchronization via SCIM

When activating your Twingate account with Okta, you will need to set up an Authentication Policy with the credentials from the Okta Twingate application. You can configure what Okta sign in policies apply to users of the Twingate client application via this Okta Twingate application.

Steps to configure the Okta Twingate integration

Follow the steps below to configure the Okta Twingate integration. You will need to do the following:

Create and configure the Twingate application in the Okta Admin console
Complete and validate the integration configuration in the Twingate Admin console

Supported Features

Currently we support Service Provider Initiated (SP-Initiated) SSO via OpenID Connect (OIDC), and SCIM for user and group sync.

Requirements

Okta OIDC integration is supported for Twingate customers on the Business and Enterprise tiers.

Setting up the Okta Twingate application

Under Applications page, select Browse App Catalog.

Screen Shot 2021-07-16 at 1.25.58 PM.png

Search for Twingate, and then select it.

Screen Shot 2021-07-16 at 1.27.37 PM.png

Click Add

Screen Shot 2021-07-16 at 1.29.01 PM.png

Enter your Twingate subdomain in the Subdomain input.

We recommend that you check the two "Application Visibility" boxes (shown below) to hide Twingate in your users' Okta dashboard because users can only authenticate when starting their session from the Twingate Client application on their device.

Screen Shot 2021-07-16 at 1.33.04 PM.png

Assign the Twingate application to users or groups.

Make sure to assign at least yourself so you can authenticate via Okta to complete the integration.

📘
Suggestion
If you plan to have multiple admins in Twingate, we recommend that you create an Okta group e.g. "Admins" and assign the Twingate Okta app to that group. Avoid using a different group that includes yourself because if you remove that group from Twingate Okta app in the future, your user will also be removed, and you will be unable to log in Twingate.

Screen Shot 2021-07-13 at 5.19.17 PM.png

Completing the Okta integration in Twingate

When activating the Okta integration in the Twingate Admin console, you will be presented with the screen below.

a3e8730-Screen_Shot_2021-07-16_at_2.24.33_PM.png

For the Okta Domain, you can copy it in the global header located in the upper-right corner of the Okta dashboard (see this Okta guide for details).
For the Client ID and Client Secret, you can copy those values in the Sign On tab of the Twingate application you created in Okta.

Screen Shot 2021-07-16 at 2.33.35 PM.png

In Twingate, you'll be asked to sign in with Okta to make sure the credentials are entered correctly. Follow the wizard to complete activate Okta integration.

Okta Configuration

Setting up the Okta Twingate application

📘
Suggestion

Completing the Okta integration in Twingate

Setting up the Okta Twingate application

📘Suggestion

Completing the Okta integration in Twingate

📘
Suggestion