Once configured, users can sign in to Kadence using their Okta credentials—without needing a separate password.

🛠️ Prerequisites

Before setting up Okta SSO, make sure that:

You have an active Okta licence
You are a Global Admin in Kadence
You have access to an Okta Admin account, or support from your Okta administrator

To log in via Okta SSO, users must have a Kadence account with the same email address as their Okta user account.

⚙️ Supported Features

The Kadence–Okta integration supports:

IdP-initiated SSO (users start in Okta)
SP-initiated SSO (users start on the Kadence login page)

🔧 Step 1: Add Kadence to Okta

Log in to your Okta Admin Console
Navigate to Applications → Applications
Click Browse App Catalog
Search for Kadence and select it
Click Add integration

Configure the application

Enter a Kadence SSO Alias
- Use lowercase letters and numbers only
- Example: Company name “Bellyard Coffee” → bellyard or bellyardcoffee
Optionally edit the application label
Click Done

📌 Keep a note of your SSO alias — you’ll need it later.

🔑 Step 2: Find Your Okta Client ID, Secret & Base URL

You’ll now collect the details required to complete setup in Kadence.

While logged in to Okta, copy your Okta base URL
- Example:
  - From: https://kadence-sso.okta.com/app/UserHome?fromAdmin=true
  - Use: https://kadence-sso.okta.com
Go to Applications → Applications
Select your Kadence application
Open the Sign On tab
Under Sign-on Methods → OpenID Connect, copy:
- Client ID
- Client Secret

💡 Store these values temporarily in a plain-text editor (e.g. Notepad).

🔒 Step 3: Enforce Single Sign-On (Optional)

To fully enforce SSO and prevent users from bypassing Okta by setting or resetting passwords, we strongly recommend blocking specific automated Kadence emails before or during rollout.

If you do not wish to enforce SSO and want your users to be able to login without SSO, skip to Step 4.

🛑 Block “Welcome to Kadence” Emails

When users are provisioned, Kadence may send a welcome email prompting them to set a password. Blocking this ensures users only access Kadence via SSO.

Block or filter emails from: [email protected]

Filter by subject line: Welcome to Kadence

Do not block all emails from this address. Other critical notifications (such as check-in reminders and booking confirmations) are also sent from this domain.

🔐 Block Password Reset Emails (SSO Recommended)

If your organisation uses Single Sign-On, blocking password reset emails prevents users from bypassing SSO authentication.

Block or filter emails from: [email protected]

Filter by subject line: Reset your password

Do not block all emails from this address. Blocking only this subject ensures SSO remains enforced while preserving essential notifications.

🔄 When should I apply these blocks?

We recommend applying these email filters:

Before enabling SSO, or
Before syncing users into Kadence, especially via Directory Sync

This ensures users only authenticate using Okta from day one.

🔗 Step 4: Enable Okta SSO in Kadence

Now connect Okta and Kadence.

Log in to Kadence
Navigate to Settings → Integrations
Under Single Sign-On (SSO), select Okta
Click Set up single sign-on
Enter the following:
- Client ID
- Client Secret
- Base URL (Okta sign-in URL)
- Kadence SSO Alias
Click Add

If successful, you’ll see a confirmation message at the top of the screen.

🔐 Step 5: Logging in with Okta SSO

Once Okta is integrated, users can log in by:

Navigating to Kadence
Clicking the Okta icon under the login form
Entering their email address
Authenticating via Okta
Being redirected back to Kadence

🧯 Troubleshooting & Tips

User email addresses in Okta and Kadence must match exactly
You cannot enable Okta SSO if another SSO provider (e.g. OneLogin) is already configured
The Kadence SSO alias must be globally unique
- If your first choice is taken, update it in Okta and re-enter it in Kadence