Rewatch provides Single Sign-On (SSO) and SCIM Provisioning functionality for customers to access it through Okta. This allows IT administrators to better manage team access and keeps information more secure.
We use SCIM (System for Cross-domain Identity Management), a standard that permits Okta to safely pass authorization rule changes to service providers like Rewatch.
Rewatch supports the following SCIM features:
Push New Users
New users created through Okta will also be created in Rewatch.
Push Profile Updates
Updates made to the user's profile through Okta will be pushed to Rewatch.
Push User Deactivation and Reactivation
Deactivating the user or disabling the user's access to the application in Okta will deactivate the user in Rewatch. Note that deactivating a user removes their ability to log in to the site, but the user's profile and associated content (comments, uploaded videos) will remain in your Rewatch channel.
Import and Push Groups
Updates to group memberships will be automatically synced to a Rewatch group that has been previously matched to a SAML group.
Before setting up SCIM, you must set up SAML. Please refer to our SAML documentation.
On the Rewatch channel admin page, click on the Security link in the sidebar, and scroll to the bottom.
Check the box to enable SCIM and click Save. Then, copy the token for use in the next step.
These are instructions for setting up Rewatch SCIM with Okta.
Enable provisioning for the Rewatch app in Okta
In the Okta Console, within the Rewatch app, click the Provisioning tab.
Click Configure API Integration.
Enable API integration and paste the API token obtained in the previous section.
You can now assign users and push groups from Okta.
When users are deactivated in Okta, they will be deactivated in Rewatch. Users will not be able to log in to the application, but their data will remain available as an ‘inactive user’. To permanently delete user data, contact Rewatch Support using the chat provided on this page, or by emailing Support.
Rewatch does not support modifications to the username independent of the email address. Updates to the username and email address will be reflected, but they cannot be changed such that they are different.
Groups pushed to Rewatch will not be reflected in the UI unless you create an associated group in Rewatch first. You also cannot modify a SAML group in Rewatch; changes must be initiated from the SAML provider. For more information about SAML Groups in Rewatch, see our Groups documentation.
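Because the username cannot differ from the email address, it helps to check directory records before assigning users to the app. The following is an added example, not Rewatch or Okta code: it assumes user records shaped like SCIM 2.0 core User resources (RFC 7643) and assumes a case-insensitive comparison; the function names and sample records are constructed for illustration.

```python
# Added example: pre-flight check for the username/email limitation.
# Assumptions: records follow the SCIM 2.0 core User schema (RFC 7643),
# and username and email are compared case-insensitively.

def primary_email(user):
    """Return the primary email value, else the first listed one, else None."""
    emails = [e for e in user.get("emails", []) if e.get("value")]
    for e in emails:
        if e.get("primary"):
            return e["value"]
    return emails[0]["value"] if emails else None


def find_username_email_mismatches(users):
    """Return (userName, email, reason) for each record that would conflict."""
    problems = []
    for user in users:
        name = (user.get("userName") or "").strip()
        email = primary_email(user)
        if email is None:
            problems.append((name, None, "no email address"))
        elif name.casefold() != email.strip().casefold():
            problems.append((name, email, "userName differs from email"))
    return problems


# Constructed sample records, not real accounts.
SAMPLE_USERS = [
    {"userName": "ana@example.com",
     "emails": [{"value": "ana@example.com", "primary": True}]},
    {"userName": "bsmith",
     "emails": [{"value": "bob.smith@example.com", "primary": True}]},
    {"userName": "Cy@Example.com",
     "emails": [{"value": "old@example.com"},
                {"value": "cy@example.com", "primary": True}]},
    {"userName": "dee@example.com", "emails": []},
]

if __name__ == "__main__":
    for name, email, reason in find_username_email_mismatches(SAMPLE_USERS):
        print(f"{name or '<missing>'}: {reason} (email={email})")
```

Records flagged here should be corrected in the identity provider before they are assigned to the Rewatch app.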