Brightflag integrates with several Single Sign-on (SSO) identity providers. If you are considering setting up SSO and user provisions with Okta, your company’s dedicated Brightflag Implementation Manager can guide you through this. This guide also takes you through the process.
Single sign-on (SSO) will allow you and your colleagues to gain access to Brightflag through Okta, rather than a need for manual login. Additionally, user provisioning is available for all Brightflag user types, meaning you can create, update, and deactivate accounts through Okta.
Prerequisites for User Provisioning (SCIM):
- An Okta account with admin privileges
- SCIM version is 1.1
Received an API key from a Brightflag Administrator that you can use to configure your integration. If you need to request an API key, please contact email@example.com.
Note: If you only wish Okta to provide SSO, you can ignore requesting an API key from Brightflag.
To set up SSO and User Provisioning (SCIM):
- Reach out to firstname.lastname@example.org or your implementation manager. We will enable SSO as an option for your account and talk you through any initial questions you may have
- Log in to Okta & select classic UI under Developer Console
- Select Applications
- Select Add Application
- Search for Brightflag and select Add
- Provide an Application Label and a Base URL.
- The Base URL information will be shown below the input box on Okta, please enter one of the listed URLs based on your location and requirements. Then select the checkboxes based on your requirements and click Done.
- Note: Brightflag is primarily a desktop application and we do not recommend access from mobile devices.
- You will be brought to the application Assignments tab.
- Click the Sign-on tab to set up SSO and follow the instructions. Okta also stores the latest Brightflag configuration guide on this page.
- Click on Provisioning and follow the instructions. Similarly, Okta stores the latest brightflag configuration guide on this page. (Note: This is not required for only SSO integration)
To send the federation metadata to Brightflag:
- After assigning the people/groups to your app, navigate to the Sign On tab.
- Click on view setup instructions to get the SAML Federation Metadata.
- Scroll to the bottom of this page and under the Optional heading, copy the body of text into a new text file and send this to Brightflag.
- Alternatively, you can send us the following information labelled 1, 2 and 3 individually:
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate.
- Please also send to Brightflag the Single Sign-on URL you would have configured in step 1.