Kong · Guaris · Jan 29, 2025 · Jan 24, 2025 · Jan 25, 2025 · Jan 27, 2025
@@ -1,12 +1,20 @@
 ---
-title: Set Up SSO with Okta
+title: Configure Okta SSO for Dev Portal
 badge: enterprise
 ---
 
-You can set up single sign-on (SSO) access to Dev Portals through Okta using OpenID Connect or SAML. These authentication methods allow developers to log in to a Dev Portal using their Okta credentials without needing a separate login. 
+You can set up single sign-on (SSO) access to Dev Portals through Okta using OpenID Connect or SAML. 
+These authentication methods allow developers to log in to a Dev Portal using their Okta credentials 
+without needing a separate {{site.konnect_saas}} Dev Portal login. 
 
-You cannot mix authenticators in a {{site.konnect_saas}} Dev Portal. With Okta authentication enabled, all developers will log in to the Dev Portal through Okta.
+{:.note}
+> This page provides specific instructions for configuring SSO with Okta. 
+See [Configure Generic SSO](/konnect/dev-portal/access-and-approval/sso/) for general instructions on setting up SSO for other identity providers.
 
-This topic covers configuring Okta. For generic instructions on configuring SAML or OIDC for use with other identity providers, see the [generic SSO guide](/konnect/dev-portal/access-and-approval/sso/).
+{:.important}
+> It is recommended to use a single authentication method, however, {{site.konnect_short_name}} supports the ability to 
+combine built-in authentication with _either_ OIDC or SAML based SSO. Combining both OIDC and SAML based SSO is not supported.
+Keep built-in authentication enabled while you are testing IdP authentication and only disable it after successfully testing 
+your SSO configuration.
 
-{% include_cached /md/konnect/okta-sso.md desc='Dev Portal' %}
+{% include_cached /md/konnect/okta-sso.md desc='Dev Portal' %}
@@ -3,18 +3,34 @@ title: Configure generic SSO for Dev Portal
 content_type: how-to
 ---
 
-You can configure single sign-on (SSO) for {{site.konnect_short_name}} Dev Portal with OIDC. This allows developers to log in to Dev Portals by using their IdP credentials, without needing a separate login. This topic covers configuring SSO for use with various identity providers. If you want to configure Okta, please see the [Okta configuration guide](/konnect/dev-portal/access-and-approval/okta-idp/).
+You can configure single sign-on (SSO) for {{site.konnect_short_name}} Dev Portal with OpenID Connect (OIDC) or SAML.
+This allows developers to log in to Dev Portals by using their IdP credentials, without needing a separate login. 
+
+{:.note}
+> This page provides general instructions for configuring SSO across identity providers. 
+See [Set Up SSO with Okta](/konnect/dev-portal/access-and-approval/sso/) for specific instructions on setting up SSO with Okta.
 
 Keep the following in mind when configuring SSO for Dev Portal:
 
-* Developers are auto-approved by {{site.konnect_short_name}} when they use SSO to log in to the Dev Portal. This is because Kong outsources the approval process to the IdP instance when using SSO. Therefore, you should restrict who can sign up from the IdP rather than through {{site.konnect_short_name}}.
-* If you plan on using [team mappings from an IdP](/konnect/dev-portal/access-and-approval/add-teams), they must be from the same IdP instance as your SSO.
-* If you have multiple Dev Portals, keep in mind that each Dev Portal has a separate SSO configuration. You can use the same IdP for multiple Dev Portals or different IdPs per Dev Portal.
-* Dev Portal SSO is different than the [SSO for {{site.konnect_short_name}}](/konnect/org-management/oidc-idp). If you want to use SSO to log in to {{site.konnect_short_name}}, you must configure that separately. 
+* Developers are auto-approved by {{site.konnect_short_name}} when they use SSO to log in to the Dev Portal. 
+  This is because Kong outsources the approval process to the IdP instance when using SSO. Therefore, you should restrict 
+  who can sign up from the IdP rather than through {{site.konnect_short_name}}.
+* If you plan on using [team mappings from an IdP](/konnect/dev-portal/access-and-approval/add-teams), 
+  they must be from the same IdP instance as your SSO.
+* If you have multiple Dev Portals, keep in mind that each Dev Portal has a separate SSO configuration. 
+  You can use the same IdP for multiple Dev Portals or different IdPs per Dev Portal.
+* Dev Portal SSO is different than the [SSO for {{site.konnect_short_name}}](/konnect/org-management/oidc-idp).
+  If you want to use SSO to log in to {{site.konnect_short_name}}, you must configure that separately. 
+
+{:.important}
+> It is recommended to use a single authentication method, however, {{site.konnect_short_name}} supports the ability to 
+combine built-in authentication with _either_ OIDC or SAML based SSO. Combining both OIDC and SAML based SSO is not supported.
+Keep built-in authentication enabled while you are testing IdP authentication. Only disable built-in authentication after 
+successfully testing the configurations in these guides.
 
 {% include_cached /md/konnect/generic-sso.md desc='Dev Portal' %}
 
 ## Related links
 
 * [Configure generic SSO for a Konnect Org](/konnect/org-management/sso/)
-* [IdP SAML attribute mapping reference](/konnect/reference/saml-idp-mappings/)
+* [IdP SAML attribute mapping reference](/konnect/reference/saml-idp-mappings/)
@@ -9,7 +9,7 @@ or enable an external authenticator to manage
 provider. {{site.konnect_saas}} offers multiple options for authentication. The [generic SSO](/konnect/org-management/sso/) with SAML and OIDC allow you to configure authentication with any identity provider that supports these protocols. 
 The [Okta](/konnect/org-management/okta-idp/) specific setup offers an integrated approach for Okta users, supporting both OIDC and SAML, and includes features like team mappings and dashboard integration.
 
-## Native authentication through {{site.konnect_short_name}}
+## Built-in authentication through {{site.konnect_short_name}}
 
 The default authentication option in {{site.konnect_saas}} is basic
 authentication. You don't have to do anything special to set it up.
@@ -36,4 +36,4 @@ organization
 ## More information
 
 * [Troubleshoot authorization and authentication issues](/konnect/org-management/troubleshoot/)
-* [Login sessions reference](/konnect/org-management/sessions-reference/)
+* [Login sessions reference](/konnect/org-management/sessions-reference/)
@@ -1,14 +1,26 @@
 ---
-title: Set Up SSO with Okta
+title: Configure SSO with Okta
 badge: enterprise
 ---
 
+{{site.konnect_saas}} provides [built-in authentication](/konnect/org-management/auth/), 
+allowing you to setup [users](/konnect/org-management/users/) and [teams](/konnect/org-management/teams-and-roles/) 
+for {{site.konnect_short_name}} authentication and authorization. Alternatively, you can set up single sign-on (SSO) 
+access to {{site.konnect_short_name}} using OpenID Connect (OIDC) or Security Assertion Markup Language (SAML). 
+These authentication methods allow your users to log in to {{site.konnect_short_name}} using IdP authorization, 
+without needing additional {{site.konnect_short_name}} specific credentials. You can also configure a mapping
+between Okta group claims and {{site.konnect_saas}} teams, allowing for {{site.konnect_short_name}} user team assignments
+from within Okta.
 
-As an alternative to {{site.konnect_saas}}’s native authentication, you can set up single sign-on (SSO) access to {{site.konnect_short_name}} through Okta using OpenID Connect or SAML. These authentication methods allow your users to log in to {{site.konnect_saas}} using their Okta credentials without needing a separate login. 
+{:.note}
+> This topic provides specific instructions for configuring SSO with Okta. 
+See [Configure Generic SSO](/konnect/org-management/sso/) for general instructions on setting up SSO for other identity providers.
 
-You cannot mix authenticators in {{site.konnect_saas}}. With Okta authentication enabled, all non-admin {{site.konnect_short_name}} users will log in through Okta. Only the {{site.konnect_short_name}} org owner can continue to log in with {{site.konnect_short_name}}'s native authentication.
-
-This topic covers configuring Okta. For generic instructions on configuring SAML or OIDC for use with other identity providers, see the [generic SSO guide](/konnect/org-management/sso/).
+{:.important}
+> It is recommended to use a single authentication method, however, {{site.konnect_short_name}} supports the ability to 
+combine built-in authentication with _either_ OIDC or SAML based SSO. Combining both OIDC and SAML based SSO is not supported.
+Keep built-in authentication enabled while you are testing IdP authentication and only disable it after successfully testing 
+your SSO configuration.
 
 {% include_cached /md/konnect/okta-sso.md desc='Konnect Org' %}
 

@@ -2,10 +2,24 @@
 title: Configure generic SSO for a Konnect Org
 ---
 
-
-As an alternative to {{site.konnect_saas}}’s native authentication, you can set up single sign-on (SSO) access to {{site.konnect_short_name}} using OpenID Connect or SAML. This authentication method allows your users to log in to {{site.konnect_saas}} using their IdP credentials, without needing a separate login. This topic covers configuring SSO for use with various identity providers. 
-
-If you want to configure Okta, please see the [Okta configuration guide](/konnect/org-management/okta-idp/).
+{{site.konnect_saas}} provides [built-in authentication](/konnect/org-management/auth/), 
+allowing you to setup [users](/konnect/org-management/users/) and [teams](/konnect/org-management/teams-and-roles/) 
+for {{site.konnect_short_name}} authentication and authorization. Alternatively, you can set up single sign-on (SSO) 
+access to {{site.konnect_short_name}} using OpenID Connect (OIDC) or Security Assertion Markup Language (SAML). 
+These authentication methods allow your users to log in to {{site.konnect_short_name}} using IdP authorization, 
+without needing additional {{site.konnect_short_name}} specific credentials. You can also configure a mapping
+between Okta group claims and {{site.konnect_saas}} teams, allowing for {{site.konnect_short_name}} user team assignments
+from within Okta.
+
+{:.note}
+> This topic provides general instructions for configuring SSO across identity providers.
+See [Configure Okta SSO](/konnect/org-management/okta-idp/) specific instructions on setting up SSO with Okta.
+
+{:.important}
+> It is recommended to use a single authentication method, however, {{site.konnect_short_name}} supports the ability to 
+combine built-in authentication with _either_ OIDC or SAML based SSO. Combining both OIDC and SAML based SSO is not supported.
+Keep built-in authentication enabled while you are testing IdP authentication and only disable it after successfully testing 
+your SSO configuration.
 
 ## Map {{site.konnect_short_name}} teams to IdP groups
 
@@ -38,4 +52,4 @@ to align with the new group-to-team mapping.
 ## Related links
 
 * [Configure generic SSO for Dev Portal](/konnect/dev-portal/access-and-approval/sso/)
-* [IdP SAML attribute mapping reference](/konnect/reference/saml-idp-mappings/): Learn how Azure, Oracle Cloud, and KeyCloak attributes map to {{site.konnect_short_name}}.
+* [IdP SAML attribute mapping reference](/konnect/reference/saml-idp-mappings/): Learn how Azure, Oracle Cloud, and KeyCloak attributes map to {{site.konnect_short_name}}.