We use SAML (Security Assertion Markup Language), a standard that permits Okta to safely pass authorization credentials to service providers like Rewatch.
Okta setup
These are instructions for setting up Rewatch SAML SSO with Okta. You can also follow steps on Okta’s website here.
Add the Rewatch app in Okta
In the Okta Console, click the Add Application
Type Rewatch, select it, and then click the add button to to add it to your Okta console.
When prompted for General Settings, click Done.
SAML settings
Select the
Sign On
tab, and click the Edit button
Update the Group field:
Groups
→ Matches regex.*
Click Save
Once you’ve configured the application, you can view the SAML parameters by clicking on the View Setup Instructions
button
You will need to copy the IDP SSO target URL
and IdP Certificate
fields into the Rewatch channel admin page.
Rewatch setup
On the Rewatch channel admin page, click on the Security
` link in the sidebar.
Paste the Identity Provider Single Sign-On URL
from Okta into the IdP SSO target URL
field and paste the X.509 Certificate
from Okta into the IdP Certificate
field. Then, set the email domains that will redirect to your SAML provider on login. Finally, check Enable Saml login for this channel
. Click Save.
You can then test the SAML integration by clicking the Test SAML button. If you login via SAML with the same email as your current admin user account, you will maintain the same admin privileges. Once logged in via SAML, you can enable Enforce SAML-only logins for this channel
.
SCIM
While SAML will automatically update user information whenever they log in, you can additionally setup SCIM to automate deprovisioning and group membership updates immediately after you make these administrative changes. For more information, please refer to our SCIM documentation