Okta Integration

SmarterSign supports Single Sign-On (SSO) via OIDC (OpenID Connect) and user/group provisioning via SCIM through Okta. This allows your organization to manage access, users, and user groups within SmarterSign using your Okta identity provider.

Supported Features

SmarterSign's Okta integration provides comprehensive OIDC (OpenID Connect) and SCIM capabilities:

OIDC (OpenID Connect) Features

Single Sign-On (SSO): Seamless authentication through Okta's identity provider
IDP and SP Initiated Flows: Support for both Identity Provider (IDP) and Service Provider (SP) initiated authentication flows
Multi-Factor Authentication (MFA): Inherits Okta's MFA policies and enforcement

SCIM (System for Cross-domain Identity Management) Features

User Provisioning: Automated creation, updates, and deactivation of user accounts
Group Management: Synchronization of Okta groups with SmarterSign user groups
Attribute Synchronization: Real-time updates of user profile information
De-provisioning: Automatic account deactivation when users are removed from Okta

Benefits of Okta Integration

Centralized user and group management
Enhanced security with Okta's authentication policies
Simplified login experience for users
Automated user provisioning, deprovisioning, and group membership updates

Prerequisites

Before setting up Okta integration, ensure you have:

An Okta administrator account
A SmarterSign Account
Administrator access to your SmarterSign account

Setting Up Okta SSO in SmarterSign

Configuring SmarterSign in Okta

Log in to your Okta administrator dashboard
Navigate to "Applications" > "Applications"
Click "Browse App Catalog" and locate SmarterSign Digital Signage
Add the application to your org
Under the "Sign On" tab, locate the Client ID and Client Secret
"Email" should be selected for the "Application username format"
Return to SmarterSign, navigate to "Administration" > "Okta"
Enter your Okta domain, Client ID, and Client Secret, then click Save
SmarterSign will generate a SCIM token linked to your account
Back in Okta, open the "Provisioning" tab and paste the SCIM token into the appropriate field
Save and enable provisioning

SCIM Provisioning

Once provisioning is enabled, Okta will automatically manage user and group access to your SmarterSign account. The following operations are supported:

Create users when they are assigned to the SmarterSign app
Update user attributes such as first name, last name, and email
Deactivate users when they are unassigned
Manage group memberships to apply permission sets in SmarterSign

Managing User Groups

It's recommended to first create user groups within SmarterSign that reflect different roles (e.g., Content Creators, Administrators, Managers). Assign the correct permissions to each group. Then, in Okta, link your Okta user groups to your SmarterSign user groups and assign users accordingly. Okta will sync group membership changes to SmarterSign automatically.

Note: If you push a user group from Okta to SmarterSign that does not yet exist, it will create a group with the minimum permissions using that same name.

User Login via Okta

Once configured, users can log in through one of these methods:

From Okta dashboard:

Log in to Okta
Click on the SmarterSign tile
Be automatically authenticated into SmarterSign

From SmarterSign login page:

Navigate to SmarterSign login page
Enter your email address
Be redirected to Okta for authentication
After successful Okta authentication, be redirected back to SmarterSign

Troubleshooting

If users encounter issues with Okta SSO or provisioning:

Ensure users are assigned to the SmarterSign application in Okta
Verify the SmarterSign SCIM token is valid and linked to the correct Okta instance
Check that the Okta domain name matches your organization’s domain
Check your network logs for failed API calls or 401 errors
Contact SmarterSign support with logs or error messages for assistance