Enterprise Feature — Okta SSO is available on the Enterprise plan. Contact sales to learn more.
Prerequisites
You’ll need:
- Admin access for your Dune team
- Admin access for your Okta tenant
- Access to your domain’s DNS provider (to add TXT records)
Step 1 — Add and verify your SSO domain(s)
- In Dune, go to Settings → Security & Privacy → Okta authentication.
- Under Configure SSO domains, click Add domains.
- Enter the email domain(s) your team uses (for example, company.com).
Verify the domain (DNS TXT record)
After adding a domain, it may show as Pending. Dune will display DNS instructions like:
- Host: dune-verification
- Type: TXT
- Value: a unique verification token
Add a TXT record with your DNS provider:
- Name / Host: dune-verification (some providers require the full name, like dune-verification.company.com)
- Type: TXT
- Value: (paste the token from Dune exactly)
Tip: DNS changes can take time to propagate. If verification fails, double-check the host/name formatting in your DNS provider and try again after propagation.
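To check the record yourself before retrying verification, the following script is an added example (not part of Dune's documentation). It queries the TXT record with `dig` and reports whether the token is published at the expected name, at a doubled name (which happens when a provider appends the domain to a full name you typed), or not at all. The function names and result labels are illustrative.

```shell
#!/bin/sh
# Added example: diagnose the dune-verification TXT record.
# Usage: sh check-dune-txt.sh company.com '<token-from-dune>'

# dig +short prints each TXT value in quotes; long values are split
# into several quoted chunks ("abc" "def") that must be rejoined.
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# $1 = expected token, $2 = raw `dig +short TXT` output (may be empty).
# Succeeds only on an exact, whole-value match, so a token pasted with
# extra whitespace or a truncated token does not count.
txt_matches() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$2" | normalize_txt | grep -Fqx -- "$1"
}

# $1 = token
# $2 = answers at dune-verification.DOMAIN         (expected name)
# $3 = answers at dune-verification.DOMAIN.DOMAIN  (doubled name)
diagnose() {
    if txt_matches "$1" "$2"; then
        echo "verified-ready"   # record is correct; wait for Dune to re-check
    elif txt_matches "$1" "$3"; then
        echo "doubled-host"     # enter only "dune-verification" as the host
    elif [ -n "$2" ]; then
        echo "token-mismatch"   # a TXT record exists but the value differs
    else
        echo "not-found"        # not published yet, or still propagating
    fi
}

# Run the live lookup only when invoked with a domain and a token.
if [ "$#" -eq 2 ]; then
    domain=$1
    token=$2
    good=$(dig +short TXT "dune-verification.$domain")
    doubled=$(dig +short TXT "dune-verification.$domain.$domain")
    diagnose "$token" "$good" "$doubled"
fi
```
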
Step 2 — Create an Okta OIDC app (Web)
In Okta:
- Go to Applications → Create App Integration.
- Choose OIDC - OpenID Connect.
- Choose Web Application.
- In the app settings, add the Sign-in redirect URIs shown in Dune.
- Save the app.
Note: Use the redirect URIs exactly as shown in Dune. A mismatch is the most common cause of Okta sign-in errors.
Step 3 — Copy Okta credentials into Dune
Back in Dune (Settings → Security & Privacy → Okta authentication), fill in:
- Client ID: from your Okta OIDC application
- Client secret: from your Okta OIDC application
- Okta domain: your Okta org URL, for example: https://your-domain.okta.com
Step 4 — Enable Okta SSO
- Make sure at least one domain shows as Verified.
- Toggle Enable Okta SSO on.
- Click Enable.
Important
- Existing members with non-matching domains must be removed before enabling.
- Users cannot change their email while Okta SSO is enforced.
- Users with email/password accounts will be prompted to log in with Okta SSO.