diff --git a/.env.example b/.env.example
index c4a63d7..e389c0e 100644
--- a/.env.example
+++ b/.env.example
@@ -59,3 +59,7 @@ UPCASE_CLIENT_SECRET=x
 
 WORDPRESS_DOT_COM_CLIENT_ID=x
 WORDPRESS_DOT_COM_CLIENT_SECRET=x
+
+OKTA_HOST=x
+OKTA_CLIENT_ID=x
+OKTA_CLIENT_SECRET=x
diff --git a/example/Main.hs b/example/Main.hs
index 715fa30..d345961 100644
--- a/example/Main.hs
+++ b/example/Main.hs
@@ -40,6 +40,7 @@ import Yesod.Auth.OAuth2.Spotify
 import Yesod.Auth.OAuth2.Twitch
 import Yesod.Auth.OAuth2.Upcase
 import Yesod.Auth.OAuth2.WordPressDotCom
+import Yesod.Auth.OAuth2.Okta
 
 data App = App
   { appHttpManager :: Manager
@@ -121,6 +122,7 @@ mkFoundation = do
 
   auth0Host <- getEnv "AUTH0_HOST"
   azureTenant <- getEnv "AZURE_ADV2_TENANT_ID"
+  oktaHost <- getEnv "OKTA_HOST"
 
   appHttpManager <- newManager tlsManagerSettings
   appAuthPlugins <- sequence
@@ -146,6 +148,7 @@ mkFoundation = do
     , loadPlugin oauth2Twitch "TWITCH"
     , loadPlugin oauth2WordPressDotCom "WORDPRESS_DOT_COM"
     , loadPlugin oauth2Upcase "UPCASE"
+    , loadPlugin (oauth2Okta (fromString oktaHost) "default" Nothing) "OKTA"
     ]
 
   return App { .. }
diff --git a/src/Yesod/Auth/OAuth2/Okta.hs b/src/Yesod/Auth/OAuth2/Okta.hs
index d830025..31303b3 100644
--- a/src/Yesod/Auth/OAuth2/Okta.hs
+++ b/src/Yesod/Auth/OAuth2/Okta.hs
@@ -40,14 +40,14 @@ oauth2Okta ::
   YesodAuth m =>
   -- | The host address of the Okta application (absolute)
   URI ->
+  -- | The authorization server
+  ByteString ->
+  -- | Application Root for redirect links
+  Maybe Text ->
   -- | Client ID of the Okta application
   Text ->
   -- | Client Secret of the Okta application
   Text ->
-  -- | The authorization server
-  ByteString ->
-  -- | Application Root for redirect links
-  Maybe (URIRef Absolute) ->
   AuthPlugin m
 oauth2Okta = oauth2OktaWithScopes defaultOktaScopes
 
@@ -58,16 +58,16 @@ oauth2OktaWithScopes ::
   [Text] ->
   -- | The host address of the Okta application (absolute)
   URI ->
+  -- | The authorization server
+  ByteString ->
+  -- | Application Root for building callbacks
+  Maybe Text ->
   -- | Client ID of the Okta application
   Text ->
   -- | Client Secret of the Okta application
   Text ->
-  -- | The authorization server
-  ByteString ->
-  -- | Application Root for building callbacks
-  Maybe (URIRef Absolute) ->
   AuthPlugin m
-oauth2OktaWithScopes scopes host clientId clientSecret authorizationServer appRoot =
+oauth2OktaWithScopes scopes host authorizationServer appRoot clientId clientSecret =
   authOAuth2 pluginName oauth2 $ \manager token -> do
     (User uid, userResponse) <-
       authGetProfile
diff --git a/yesod-auth-oauth2.cabal b/yesod-auth-oauth2.cabal
index bc58c74..925da7e 100644
--- a/yesod-auth-oauth2.cabal
+++ b/yesod-auth-oauth2.cabal
@@ -54,6 +54,7 @@ library
       Yesod.Auth.OAuth2.GitLab
       Yesod.Auth.OAuth2.Google
       Yesod.Auth.OAuth2.Nylas
+      Yesod.Auth.OAuth2.Okta
       Yesod.Auth.OAuth2.Prelude
       Yesod.Auth.OAuth2.Random
       Yesod.Auth.OAuth2.Salesforce