Configuring Single Sign-on (SSO) & User Provisions (SCIM) with Okta: for Brightflag Customers (Clients)

Brightflag integrates with several Single Sign-on (SSO) identity providers. If you are considering setting up SSO and user provisions with Okta, your company’s dedicated Brightflag Implementation Manager can guide you through this. This guide also takes you through the process.

Single sign-on (SSO) will allow you and your colleagues to gain access to Brightflag through Okta, rather than a need for manual login.

Additionally, user provisioning is available for all Brightflag user types, meaning you can create, update, and deactivate accounts through Okta.


Prerequisites for User Provisioning (SCIM):

  • An Okta account with admin privileges.

  • SCIM version is 1.1

  • Received an API key from a Brightflag Administrator that you can use to configure your integration. If you need to request an API key, please Submit a Request to Brightflag Support team. 

  • Note: If you only wish Okta to provide SSO, you can ignore the above SCIM prerequisite and ignore requesting an API key from Brightflag.


To set up SSO and User Provisioning (SCIM):

  1. Once you have logged into Okta, select Applications - Applications in the sidebar menu.

  2. Select Browse App Catalog
  3. Enter into the search box: “Brightflag

  4. Select “Add

  5. Provide an Application Label and a Base URL
  6. The Base URL information will be shown below the input box on Okta, please enter one of the listed URLs based on your location and requirements. Then select the checkboxes based on your requirements and click Done.
    Note: Brightflag is primarily a desktop application and we do not recommend access from mobile devices.

  7. You will be brought to the application Assignments tab.
    • Click the Sign-on tab to set up SSO and follow the instructions. Okta also stores the latest Brightflag configuration guide on this page.
    • Click on Provisioning and follow the instructions. Similarly, Okta stores the latest Brightflag configuration guide on this page. (Note: This step is only required for our SCIM integration)

To send the federation metadata to Brightflag:

  • After assigning the people/groups to your app, navigate to the Sign On tab.

  • Click on view setup instructions to get the SAML Federation Metadata.

  • Scroll to the bottom of this page and under the Optional heading, copy the body of text into a new text file and send this to Brightflag.

  • Alternatively, you can send us the following information labeled 1, 2, and 3 individually:
    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer
    • X.509 Certificate.
  • Please also send to Brightflag the Single Sign-on URL you would have configured in step 1.


Need Additional Help?

If you have any questions, please Submit a Request to Brightflag Support team.

Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.

Have more questions?
Submit a request
Share it, if you like it.