Configuring Single Sign-On (SSO) & User Provisioning (SCIM) with Okta for Brightflag Clients Configuring Single Sign-On (SSO) & User Provisioning (SCIM) with Okta for Brightflag Clients

Configuring Single Sign-On (SSO) & User Provisioning (SCIM) with Okta for Brightflag Clients

Brightflag integrates with Okta to provide Single Sign-On (SSO) and User Provisioning (SCIM) capabilities.

Your Brightflag Implementation Manager can guide you through this process.

Prerequisites for User Provisioning (SCIM)

Before setting up User Provisioning (SCIM), ensure you have:

✔️ An Okta account with admin privileges.
✔️ SCIM version 1.1 enabled.
✔️ An API key/token from a Brightflag Administrator.

  • If you need API credentials, Submit a Request to Brightflag Support.

📌 Note: If you are only configuring SSO, you can skip the SCIM and API credentials prerequisites.

Setting Up SSO & User Provisioning in Okta

  • Once logged into Okta, select Applications - Applications in the sidebar menu.
    Screenshot_2021-08-04_at_10.41.23.png

  • Select Browse App Catalog
    Screenshot_2021-08-04_at_10.41.59.png
  • Enter into the search box: “Brightflag

  • Select “Add
    Screenshot_2021-08-04_at_12.32.09.png

  • Provide an Application Label and a Base URL
    Screenshot_2021-08-04_at_12.33.43.png
  • The Base URL information will be shown below the input box on Okta, please enter one of the listed URLs based on your location and requirements. Then select the checkboxes based on your requirements and click Done.
    Note: Brightflag is primarily a desktop application and we do not recommend access from mobile devices.

  • You will be brought to the application Assignments tab.
    • Click the Sign-on tab to set up SSO and follow the instructions. Okta also stores the latest Brightflag configuration guide on this page.
    • Click on Provisioning and follow the instructions. Similarly, Okta stores the latest Brightflag configuration guide on this page. (Note: This step is only required for our SCIM integration)

Sending Federation Metadata to Brightflag

  • After assigning the people/groups to your app, navigate to the Sign On tab.

  • Click on view setup instructions to get the SAML Federation Metadata.

  • Scroll to the bottom of this page and under the Optional heading, copy the body of text into a new text file and send this to Brightflag.

  • Alternatively, you can send us the following information labeled 1, 2, and 3 individually:
    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer
    • X.509 Certificate.
  • Please also send to Brightflag the Single Sign-on URL you would have configured in step 1.

Need Additional Help?

If you have any questions, please Submit a Request to Brightflag Support team.

Was this article helpful?

0 out of 0 found this helpful

Related articles