Set up user based SSO with group provisioning for OKTA

Avatar
Chris Broughton
  • Updated

Overview

This guide will help you set up user provisioning in OKTA. The goal is to pass a vyTeam parameter on a per Group basis (rather than an individual User) with your SAML based assertions. This will allow for easier scaling and modification of teams.

Steps

Ensure that you have added your Vidyard application within OKTA. Instructions for that can be found on the article for Managing user access with SSO.

1. On the App setup page, add an Attribute Statement (Note - not 'Group Attribute Statement') for the Name vyTeam and set the Value to be appuser.vyTeam.

appuser.vyTeam setting

2. Go to Directory > Profile Editor.

3. Click Apps and find the Vidyard app you have created. Click Profile on this app to edit.

4. Click Add Attribute

5. Create a variable called vyTeam. The value should be vyTeam in the Variable name

mceclip0.png

6. Hit Save Attribute. The profile editor view will look like this.

Profile Editor

7. Each group that relates to a Vidyard team needs to overwrite the vyTeam variable with the corresponding team value. The value needs to match the Team name i.e. 'Admin', 'User' or custom name. When complete hit Save.

Team name correct

8. Ensure that your users are added to the group that are assigned to the Vidyard app. The vyTeam attribute will pass through from here for the users. Ensure that these users are only ever able to send one vyTeam parameter in the assertion to avoid sign in issues.

Need support

Submit a ticket or start a chat. We'll provide a self-serve resource or connect you with our support team, available 24x5.

Chat with Our Team