Skip to content


This page explains how to use Okta as the identity provider (IdP) to manage access to API Portals.


You can use Okta as IdP for Traefik Hub.

Okta is an identity and access management (IAM) service that provides authentication and authorization.

Before you begin

If you replace your Traefik Hub internal IdP with an external IdP, all users, user groups, and tokens created by the internal IdP will be deleted.

This action is irreversible!

This article assumes that you already have a configured Okta tenant.


Once you configured your Okta account settings, Traefik Hub will automatically create an integration application in Okta and will sync your groups from Okta to Traefik Hub.

Good to know

Users will only be listed in Traefik Hub after a successful login into an API Portal.

First, select Auth settings in the left navigation menu to get to the ID provider overview page in the UI.

IdP overview

Select ID providers

Now, on the IdP overview page, select Okta on the external IdP provider.

IdP selection dialog

IdP selection

In the next step, configure your Okta settings, the URL of your Okta organization, the full URL of your Okta authorization server and the token.

Field Description Required
Organization URL URL of your Okta organization.
Typical the org URL is the tenant name (the subdomain), and then the domain name.
For example,
Issuer URL The full URL of the Okta authorization server.
For example,
You can find more info about authorization servers in the Okta docs
Token Okta API token, used to authenticate requests to Okta APIs. Yes

Dialog box about the Okta configuration

Okta configuration

Once you're done, you can test your configuration by selecting Test connection.

Dialog showing that the configuration works

Successfully connection

If the connection is working, save your configuration by selecting Save.

In the last step, you have to confirm the configuration changes.

Please make sure to read the displayed message carefully and follow the needed steps for confirmation!

If you already have users and groups configured, these accounts and all related user data, including tokens, will be deleted from Traefik Hub.

Please do not try to change your configuration during the synchronization process!

Traefik Hub will sync with your Okta tenant immediately after confirming your configuration.

From then on, Traefik Hub is configured to use Okta as its IdP.

The user overview page in the dashboard will not automatically show all users.
Users will only be listed after a successful login into an API Portal.


Traefik Hub will automatically sync every 60 minutes with your Okta tenant.
After a first successful synchronization, you can initiate a sync at any time by selecting the Synchronize button.

Initiate Okta synchronization

Initiate Okta synchronization

Login with Okta

Head over to your API Portal and login with Okta.

Login with Okta

Login with Okta

What's next