Rewatch provides Single Sign-On (SSO) and SCIM Provisioning functionality for customers to access it through Okta. This allows IT administrators to better manage team access and keeps information more secure.

We use SCIM (System for Cross-domain Identity Management), a standard that permits Okta to safely pass authorization rule changes to service providers like Rewatch.

Rewatch supports the following SCIM features:

  • Push New Users

    • New users created through Okta will also be created in Rewatch.

  • Push Profile Updates

    • Updates made to the user's profile through Okta will be pushed to Rewatch.

  • Push User Deactivation and Reactivation

    • Deactivating the user or disabling the user's access to the application in Okta will deactivate the user in Rewatch. Note that deactivating a user means removing access to login to the site, but the user's profile and associated content (comments, uploaded videos) will continue to remain in your Rewatch channel.

  • Import and Push Groups

    • Updates to group memberships will be automatically synced to a Rewatch group that has been previously matched to a SAML group.

Rewatch setup

Before setting up SCIM, you must setup SAML. Please refer to our our SAML documentation.

On the Rewatch channel admin page, click on the Security link in the sidebar, and scroll to the bottom.

Check the box to enable SCIM and click Save. Then, copy the token for use in the next step.

Okta setup

These are instructions for setting up Rewatch SCIM with Okta.

Enable provisioning for the Rewatch app in Okta

  • In the Okta Console, within the Rewatch app, click the Provisioning tab

  • Click the Configure API Integration.

  • Check Enable API integration and paste the API token obtained in the previous section.

  • Click Save

  • You can now assign users and push groups from Okta.

Additional notes

  • When users are deactivated in Okta, they will be deactivated in Rewatch. Users will not be able to login to the application, but their data will remain available as an ‘inactive user’. To permanently delete user data, contact Rewatch Support using the chat provided on this page, or by emailing Support.

  • Rewatch does not support modifications to the username independent of the email address. Updates to the username and email address will be reflected, but they cannot be changed such that they are different.

  • Groups pushed to Rewatch will not be reflected in the UI unless you create an associated group in Rewatch first. You also cannot modify a SAML group in Rewatch, it must be initiated from the SAML provider. For more information about SAML Groups in rewatch, see our Groups documentation.

Did this answer your question?