diff --git a/app/app/settings.py b/app/app/settings.py
index cb7303d7..1fa81b2a 100644
--- a/app/app/settings.py
+++ b/app/app/settings.py
@@ -144,6 +144,8 @@ WSGI_APPLICATION = 'app.wsgi.application'
 AUTHENTICATION_BACKENDS = [
     'social_core.backends.github.GithubOAuth2',
     'social_core.backends.azuread_tenant.AzureADTenantOAuth2',
+    'social_core.backends.okta.OktaOAuth2',
+    'social_core.backends.okta_openidconnect.OktaOpenIdConnect',
     'django.contrib.auth.backends.ModelBackend',
 ]
 
@@ -173,6 +175,14 @@ if AZUREAD_ADMIN_GROUP_ID:
     SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_RESOURCE = 'https://graph.microsoft.com/'
     SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SCOPE = ['Directory.Read.All']
 
+SOCIAL_AUTH_OKTA_OAUTH2_KEY = env('OAUTH_OKTA_OAUTH2_KEY', None)
+SOCIAL_AUTH_OKTA_OAUTH2_SECRET = env('OAUTH_OKTA_OAUTH2_SECRET', None)
+SOCIAL_AUTH_OKTA_OAUTH2_API_URL = env('OAUTH_OKTA_OAUTH2_API_URL', None)
+
+SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY = env('OAUTH_OKTA_OPENIDCONNECT_KEY', None)
+SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET = env('OAUTH_OKTA_OPENIDCONNECT_SECRET', None)
+SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL = env('OAUTH_OKTA_OPENIDCONNECT_API_URL', None)
+
 SOCIAL_AUTH_PIPELINE = [
     'social_core.pipeline.social_auth.social_details',
     'social_core.pipeline.social_auth.social_uid',
diff --git a/app/requirements.txt b/app/requirements.txt
index ccd53d14..6f9e10bf 100644
--- a/app/requirements.txt
+++ b/app/requirements.txt
@@ -29,13 +29,15 @@ model-mommy==1.6.0
 psycopg2-binary==2.7.7
 pyexcel==0.5.14
 pyexcel-xlsx==0.5.7
+pyjwt>=1.7.1
 python-dateutil==2.7.3
+python-jose>=3.0.0
 pytz==2018.4
 requests==2.21.0
 six==1.11.0
 seqeval==0.0.6
 social-auth-app-django==3.1.0
-social-auth-core[azuread]==3.0.0
+social-auth-core==3.3.3
 text-unidecode==1.2
 unittest-xml-reporting==2.5.1
 vcrpy==2.0.1
diff --git a/app/server/templates/login.html b/app/server/templates/login.html
index 558e8410..34c9d576 100644
--- a/app/server/templates/login.html
+++ b/app/server/templates/login.html
@@ -71,6 +71,12 @@
           <span>Login with Active Directory</span>
         </a>
         {% endif %}
+        {% if (okta_oauth_login or okta_openidconnect_login) %}
+        <a href="{% url 'social:begin' 'okta' %}" class="button is-fullwidth mb10">
+          <span class="icon"><i class="fab fa-openid"></i></span>
+          <span>Login with Okta</span>
+        </a>
+        {% endif %}
       </div>
     </div>
   </div>
diff --git a/app/server/views.py b/app/server/views.py
index e1f431c7..7198a887 100644
--- a/app/server/views.py
+++ b/app/server/views.py
@@ -104,6 +104,8 @@ class LoginView(BaseLoginView):
     extra_context = {
         'github_login': bool(settings.SOCIAL_AUTH_GITHUB_KEY),
         'aad_login': bool(settings.SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID),
+        'okta_oauth_login': bool(settings.SOCIAL_AUTH_OKTA_OAUTH2_KEY),
+        'okta_openidconnect_login': bool(settings.SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY),
         'allow_signup': bool(settings.ALLOW_SIGNUP),
     }
 
diff --git a/requirements.txt b/requirements.txt
index f0dca5aa..cd40701e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -30,13 +30,15 @@ mysqlclient==1.4.2.post1
 psycopg2-binary==2.7.7
 pyexcel==0.5.14
 pyexcel-xlsx==0.5.7
+pyjwt>=1.7.1
 python-dateutil==2.7.3
+python-jose>=3.0.0
 pytz==2018.4
 requests==2.21.0
 six==1.11.0
 seqeval==0.0.6
 social-auth-app-django==3.1.0
-social-auth-core[azuread]==3.0.0
+social-auth-core==3.3.3
 text-unidecode==1.2
 unittest-xml-reporting==2.5.1
 vcrpy==2.0.1