We use SAML (Security Assertion Markup Language), a standard that permits Okta to safely pass authorization credentials to service providers like Rewatch.
Okta setup
These are instructions for setting up Rewatch SAML SSO with Okta. You can also follow steps on Okta’s website here.
Add the Rewatch app in Okta
In the Okta Console, click the Add Application
Type Rewatch, select it, and then click the add button to to add it to your Okta console.
When prompted for General Settings, click Done.
SAML settings
Select the
Sign Ontab, and click the Edit button
Update the Group field:
Groups→ Matches regex.*
Click Save
Once you’ve configured the application, you can view the SAML parameters by clicking on the View Setup Instructions button
You will need to copy the IDP SSO target URL and IdP Certificate fields into the Rewatch channel admin page.
Rewatch setup
In Rewatch's admin console, click on the Single sign-on & provisioning link in the sidebar. Then click the button to configure SAML.
Next, fill out the configuration form to enable SAML:
Target URL: use Okta's
Identity Provider Single Sign-On URLCertificate: use Okta's
X.509 CertificateManaged email domains: enter email domains that will redirect to Okta for sign in
Once enabled, you'll see a preview link that you can use for testing.
Enforcement
If you'd like to enforce SAML for sign in, you'll need to first sign in using SAML, then edit your SAML configuration to select your preferred enforcement policy.
SCIM
While SAML will automatically update user information whenever they sign in, you can additionally setup SCIM to automate provisioning and group membership updates immediately after you make these administrative changes. For more information, please refer to our SCIM documentation.