Skip to main content
SSO is available on the Enterprise plan only. Contact us to upgrade.
Connect your identity provider to Orq.ai to allow your team to sign in using their existing credentials. To get started, navigate to the Organizations app and select Auth, then click Configure next to your identity provider.

Choosing a Protocol

Two protocols are available for both providers:
  • OIDC: Modern, lightweight protocol based on OAuth 2.0. Recommended for most organizations for its quick setup and JSON-based authentication.
  • SAML: XML-based protocol recommended for enterprise environments requiring fine-grained control over security attributes and assertions.

Identity Providers

Create an OIDC app in Okta

Sign in to your Okta Admin Console and navigate to Applications → Applications.Click Create App Integration, select OIDC - OpenID Connect and Web Application, then click Next.Enter a name (e.g. Orq.ai SSO). Under Sign-in redirect URIs, add the redirect URI provided by Orq.ai support. Click Save.
Contact [email protected] to obtain the Orq.ai redirect URI required for OIDC configuration.
By default, no users are assigned to a new Okta app. Go to the application’s Assignments tab and assign the users or groups who should have access to Orq.ai.

Gather credentials

From the application’s General tab:
  • Client ID: copy the value shown under Client Credentials.
  • Client Secret: shown in the Client Credentials section after saving. To generate a new one, click Generate new client secret and copy the value immediately.

Get the Provider URL

Your Provider URL is your Okta domain’s authorization server issuer URL:
https://{yourOktaDomain}/oauth2/default
Find your Okta domain in the top-right corner of the Okta Admin Console (e.g. acme.okta.com).

Configure in Orq.ai

In the Config Okta Single Sign-On panel:
  1. Select OIDC.
  2. Enter your Client ID.
  3. Enter your Client Secret code.
  4. Enter your Provider URL.
  5. Enter your organization’s email domain(s) in Allowed domains (e.g. acme.com).
  6. Click Save.

Register an application in Azure

Sign in to the Microsoft Entra admin center and navigate to Microsoft Entra ID → App registrations.Click New registration, enter a name (e.g. Orq.ai SSO), and click Register.Note the Application (client) ID: this is your Client ID.

Configure the redirect URI

In your app registration, go to Authentication → Add a platform → Web.Enter the redirect URI provided by Orq.ai support and click Configure.
Contact [email protected] to obtain the Orq.ai redirect URI required for OIDC configuration.

Create a client secret

In your app registration, go to Certificates & secrets → Client secrets → New client secret.Add a description, choose an expiry, and click Add.Copy the Value immediately. This is your Client Secret and will not be shown again.

Get the Provider URL

Your Provider URL is your tenant’s issuer URL:
https://login.microsoftonline.com/{tenant-id}/v2.0
Replace {tenant-id} with your Directory (tenant) ID, found on the app registration overview page.

Configure in Orq.ai

In the Config Active Directory Single Sign-On panel:
  1. Select OIDC.
  2. Enter your Client ID.
  3. Enter your Client Secret code.
  4. Enter your Provider URL.
  5. Enter your organization’s email domain(s) in Allowed domains (e.g. acme.com).
  6. Click Save.