Kymata Documentation

Kymata Integration Guide: Okta SSO

Environment: Production (prod.kymata.dev)
Target Audience: Okta Administrators


Overview

This document provides the steps to integrate your Okta instance with the Kymata platform:
1. Initial Registration: Adding the Kymata app from the Okta Integration Network and configuring your unique Org ID and Environment Name.
2. Credential Provisioning: Providing Kymata with your Okta application credentials to establish the connection.


Prerequisites

Before configuring the Kymata integration in Okta, ensure you have the following:
* An active Okta Administrator account with the ability to add and configure applications from the Okta Integration Network (OIN).
* An active Kymata tenant account with administrative privileges.


Supported Features

The Kymata Okta integration supports the following features:
* SP-initiated SSO (Single Sign-On): Users can authenticate to Kymata directly from the Kymata application portal.
* IdP-initiated SSO: Users can authenticate to Kymata by clicking the Kymata app icon from their Okta dashboard.
* Just-In-Time (JIT) Provisioning: Automatically provision new user accounts in Kymata when they first sign in via Okta.


Configuration Steps

Single Sign-On (OIDC) Configuration

1. Obtain your Kymata Org ID and Environment Name

Before adding the application in Okta, gather your unique Kymata identifiers. These are required for the integration to dynamically route your sign-ins:
* EnvName: This is the environment prefix of your Kymata instance (e.g., enter prod if you access Kymata at prod.kymata.dev).
* Org ID:
  1. Log in to your Kymata instance with your admin username and password.
  2. Click on the user info button at the lower left corner of the dashboard and copy the Org ID.

2. Add Kymata from the Okta Integration Network (OIN)

3. Provide Credentials to Kymata

Copy the following values from the Sign On tab of your new Okta app and enter them into the Kymata Organization: Okta Config page:
* Okta Issuer: Your base URL (e.g., https://your-org.okta.com).
* Client ID: Found in the Client Credentials section.
* Client Secret: Found in the Client Secrets section.

Click Submit on the Kymata config page to finalize the configuration.
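
A pre-submission check for the Okta Issuer value, as an added example that is not part of the Kymata documentation: it verifies that the value is a bare https base URL and that it matches the issuer field of the OIDC discovery document served at <issuer>/.well-known/openid-configuration. The function names and the sample discovery document are constructed for illustration, and rejecting a trailing slash is an assumption based on OIDC issuer values being compared as exact strings.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of the discovery document an Okta org serves at
# <issuer>/.well-known/openid-configuration (fetch it yourself and pass the text in).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://your-org.okta.com",
    "authorization_endpoint": "https://your-org.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://your-org.okta.com/oauth2/v1/token",
    "jwks_uri": "https://your-org.okta.com/oauth2/v1/keys",
})


def check_issuer(issuer: str) -> list[str]:
    """Return the problems found in an Okta Issuer value (empty list = OK)."""
    problems = []
    u = urlsplit(issuer)
    if u.scheme != "https":
        problems.append("issuer must use https")
    if not u.hostname:
        problems.append("issuer has no host")
    if u.username or u.password:
        problems.append("issuer must not embed credentials")
    if u.path or u.query or u.fragment:
        problems.append("issuer must be the base URL only "
                        "(no trailing slash, path, query or fragment)")
    # The Admin Console host (<org>-admin) is not the org's issuer.
    if u.hostname and u.hostname.split(".")[0].endswith("-admin"):
        problems.append("issuer points at the Okta Admin Console host")
    return problems


def check_discovery(issuer: str, discovery_json: str) -> list[str]:
    """Check the issuer and compare it with the discovery document text."""
    problems = check_issuer(issuer)
    meta = json.loads(discovery_json)
    # OIDC Discovery requires the returned issuer to equal the requested one exactly.
    if meta.get("issuer") != issuer:
        problems.append("discovery 'issuer' does not match the configured issuer")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(meta.get(key, "")).scheme != "https":
            problems.append(f"{key} is missing or not https")
    return problems


if __name__ == "__main__":
    print(check_discovery("https://your-org.okta.com", SAMPLE_DISCOVERY) or "OK")
```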


SP-initiated SSO

The sign-in process can be initiated using your Kymata organization ID.

  1. Ensure you have your Org ID (found in the Kymata dashboard under the user info button).
  2. Navigate to the SP-initiated SSO URL: https://prod.kymata.dev/okta/login?tenantId=<org id> (replacing <org id> with your Org ID).
  3. You will be redirected to your Okta organization to authenticate.
  4. If your credentials are valid, you are redirected back to the Kymata dashboard.

Support

For any questions or issues during configuration, please reach out to our support team:
* Support Email: support@kymata.ai