embed signage offers Single Sign-On (SSO) and User Provisioning integration with Okta. This guide will show you how to set it up:
User provisioning SCIM Supported features
Users created and assigned to embed signage in Okta will be automatically created in embed signage.
Update user attributes
Updates made to an assigned user in Okta will be pushed to embed signage.
Deactivating or disabling a user's access to embed signage in OKTA will deactivate the user in embed signage which will disable login to embed signage.
Groups assigned and pushed to embed signage in Okta will create a User group in embed signage with users already assigned via Okta.
You must be an admin user to set up single sign-on and user provisioning.
Add the embed signage application to your Okta account
Login to your Okta account and go to applications.
Click "Browse App Catalog" and search for "embed signage" and add the application.
In the next step you can change the application label, and icon visibility. You do not need to change these unless you have a requirement to do so.
Click "Done" and you will be redirected to the assignments section of the application to assign users.
Setting up single sign-on
Click on the "Sign on" tab in the embed signage application you created earlier.
Click "edit" on the settings tile and scroll to "Advanced Sign-on Settings"
Enter your embed signage Customer ID, this can be found in embed signage > Account settings > Security > Single sign on.
Next, in "Credential details", select "Email" as the Application username format.
When finished, click "View setup instructions".
Copy the entire contents of the text box in Option 1 "IDP Metadata".
Head over to embed signage > Account settings > Security > Single sign on.
Enable single sign on and paste the contents of the text box in Okta you copied earlier.
Click save changes, your account is now ready to use single sign on. Logout and test it.
Setting up user provisioning
Go to embed signage > Account settings > Security > User provisioning.
Create a token and copy this and your base URL somewhere safe as you'll need to enter it in the next steps.
You can select a role to apply to users that are provisioned, if you do not select a role, a new role will be created. You will need to update the rule to add permissions to provisioned users.
Back in OKTA, Go to the "Provisioning" tab in the embed signage application you set up earlier.
Click "Configure API Integration" and check "Enable API Integration".
Enter the "Base URL" and "API Token" you created earlier in embed signage and click "Test API Integration".
If successful, click "Save".
Now on the "To App" tab, click edit and enable the features you would like to use. We recommend enabling everything.
Click "Save", your users assigned to the embed signage application will now be synced to your embed signage CMS.
Troubleshooting and Tips
Ensure you have selected Email for the Application username format on the Sign-On tab in Okta.
Users managed via user provisioning, cannot be edited in embed signage.
Once SSO is setup, users will not be able to log in via embed signage, users will have to login from Okta.
If you have any questions or require any assistance, please contact [email protected].