Okta Integration

In This Article

SmarterSign supports Single Sign-On (SSO) via OIDC (OpenID Connect) and user/group provisioning via SCIM through Okta. This allows your organization to manage access, users, and user groups within SmarterSign using your Okta identity provider.

Supported Features

SmarterSign's Okta integration provides comprehensive OIDC (OpenID Connect) and SCIM capabilities:

OIDC (OpenID Connect) Features

  • Single Sign-On (SSO): Seamless authentication through Okta's identity provider
  • IDP and SP Initiated Flows: Support for both Identity Provider (IDP) and Service Provider (SP) initiated authentication flows
  • Multi-Factor Authentication (MFA): Inherits Okta's MFA policies and enforcement

SCIM (System for Cross-domain Identity Management) Features

  • User Provisioning: Automated creation, updates, and deactivation of user accounts
  • Group Management: Synchronization of Okta groups with SmarterSign user groups
  • Attribute Synchronization: Real-time updates of user profile information
  • De-provisioning: Automatic account deactivation when users are removed from Okta

Benefits of Okta Integration

  • Centralized user and group management
  • Enhanced security with Okta's authentication policies
  • Simplified login experience for users
  • Automated user provisioning, deprovisioning, and group membership updates

Prerequisites

Before setting up Okta integration, ensure you have:

  • An Okta administrator account
  • A SmarterSign Account
  • Administrator access to your SmarterSign account

Setting Up Okta SSO in SmarterSign

Configuring SmarterSign in Okta

  1. Log in to your Okta administrator dashboard
  2. Navigate to "Applications" > "Applications"
  3. Click "Browse App Catalog" and locate SmarterSign Digital Signage
  4. Add the application to your org
  5. Under the "General" tab, locate the Client ID and Client Secret
  6. Return to SmarterSign, navigate to "Administration" > "Okta"
  7. Enter your Okta domain, Client ID, and Client Secret, then click Save
  8. SmarterSign will generate a SCIM token linked to your account
  9. Back in Okta, open the "Provisioning" tab and paste the SCIM token into the appropriate field
  10. Save and enable provisioning

SCIM Provisioning

Once provisioning is enabled, Okta will automatically manage user and group access to your SmarterSign account. The following operations are supported:

  • Create users when they are assigned to the SmarterSign app
  • Update user attributes such as first name, last name, and email
  • Deactivate users when they are unassigned
  • Manage group memberships to apply permission sets in SmarterSign

Managing User Groups

It's recommended to first create user groups within SmarterSign that reflect different roles (e.g., Content Creators, Administrators, Managers). Assign the correct permissions to each group. Then, in Okta, link your Okta user groups to your SmarterSign user groups and assign users accordingly. Okta will sync group membership changes to SmarterSign automatically.

Note: If you push a user group from Okta to SmarterSign that does not yet exist, it will create a group with the minimum permissions using that same name.

User Login via Okta

Once configured, users can log in through one of these methods:

From Okta dashboard:

  1. Log in to Okta
  2. Click on the SmarterSign tile
  3. Be automatically authenticated into SmarterSign

From SmarterSign login page:

  1. Navigate to SmarterSign login page
  2. Enter your email address
  3. Be redirected to Okta for authentication
  4. After successful Okta authentication, be redirected back to SmarterSign

Troubleshooting

If users encounter issues with Okta SSO or provisioning:

  1. Ensure users are assigned to the SmarterSign application in Okta
  2. Verify the SmarterSign SCIM token is valid and linked to the correct Okta instance
  3. Check that the Okta domain name matches your organization’s domain
  4. Check your network logs for failed API calls or 401 errors
  5. Contact SmarterSign support with logs or error messages for assistance