Support for OIDC authentication is currently being rolled out to Octopus Cloud customers.
It will be included in the Octopus 2025.4 release for self-hosted customers.
Configure Okta
Configure Octopus Server
- Navigate to Configuration ➜ Settings ➜ OpenID Connect and populate the following fields:
- Enabled should be set to
Yes. - Role Claim Type should be
groups. - Username Claim Type should be
preferred_username. - Resource should be left unset.
- Scopes should be
openid profile email groups. - Display Name can be used to customize the appearance of the button on the Octopus Deploy login screen. Use a name that your users will recognize for this identity provider.
- Issuer should be a URL like
https://your-okta-poral.okta.com/oauth2/default. You can also find it in the OpenID Connect metadata. - Client ID and Client secret should be the values you noted when creating the application. You can also find them in the Okta portal page for your application.
Note that the value of Client Secret cannot be retrieved once set - it can only be changed or deleted
- Allow Auto User Creation determines if Octopus Deploy should automatically create user accounts, or only allow authentication for users that already exist in Octopus Deploy.
- Enabled should be set to
- Click Save to apply the changes.
- If you sign out of Octopus Deploy, you should now see a new button on the login screen to authenticate with the OIDC provider.
Help us continuously improve
Please let us know if you have any feedback about this page.
Page updated on Wednesday, November 5, 2025