Skip to main content
All CollectionsAccount SettingsMy Account & Organization
How to Configure Single Sign-On (SSO) and SCIM for ScreenCloud with Okta
How to Configure Single Sign-On (SSO) and SCIM for ScreenCloud with Okta

This guide provides a step-by-step process for setting up SSO and SCIM with Okta and ScreenCloud

Updated over a month ago

Setting up Single Sign-On (SSO) for ScreenCloud using Okta streamlines the login process, enhancing security and user experience by allowing users to access multiple applications with a single set of credentials. This guide will walk you through integrating Okta as your SAML 2.0 identity provider with ScreenCloud, ensuring a seamless and efficient setup. Follow along to simplify your organization's authentication and provide a more secure digital signage solution.

Further on, we will cover System for Cross-domain Identity Management (SCIM), a protocol for automating the exchange and synchronization of user identity information between identity providers and service providers. Without accessing ScreenCloud’s account settings, you can perform operations like creating, updating, and deleting users and groups.

Before you begin, please note that setting up SSO and SCIM for ScreenCloud requires the ScreenCloud Enterprise subscription. In addition, you need to be an Admin of your Okta account.

With your SSO feature ready and activated in your ScreenCloud account, let’s begin.


1. Create your ScreenCloud application in Okta

1.1. In your Okta account and home screen, click Admin to access the Admin Console

ScreenCloud Okta SSO 01.png


1.2. Head to Applications > Applications and click Create App Integration

ScreenCloud Okta SSO 02.png


1.3. Select the sign-in method SAML 2.0.

ScreenCloud Okta SSO 03.png

1.4. In the General Settings, provide a name for your app and click Next. At this point, you can add an image or icon for the app (optional).

ScreenCloud Okta SSO 04.png

1.5. You will now be in the Configure SAML settings, where you need to apply SSO links from your ScreenCloud account.

1.6. In another browser window, open your ScreenCloud account’s Account Setting > Organization and click the Single-Sign-On tab.

ScreenCloud Okta SSO 05.png

1.7. Copy the ACS URL from ScreenCloud and insert that into Okta in the Single Sign On URL space.

1.8. Copy the Audience URL from ScreenCloud and insert it into Okta in the Audience URI (SP Entity ID) space.

1.9. For Name ID Format, select EmailAddress.

1.10. For Application Username, select Email.

1.11. Under Attribute Statements, write in email for Name, select Unspecified for Name format, and select user email for Value.

1.12. With your SAML Settings applied, scroll down and select Next.

ScreenCloud Okta SSO 06.png

1.13. Under Feedback, tick the box for “This is an internal app that we have created” and click Finish.

ScreenCloud Okta SSO 07.png

1.14. Your Okta app for ScreenCloud SSO is now created.

ScreenCloud Okta SSO 08.png

2. Connect your Okta ScreenCloud app and activate SSO


2.1. Click the Sign On tab for your Okta ScreenCloud SSO app and click More details.

ScreenCloud Okta SSO 09.png


2.2. Copy the Sign On URL from Okta to the Identity Provider Sign In URL in ScreenCloud.

2.3. Copy the Sign-out URL from Okta to the Identity Provider > Sign-out URL in ScreenCloud.

2.4. Download the Signage Certificate from Okta, and upload this to X509 Signing Certificate in ScreenCloud.

ScreenCloud Okta SSO 10.png


2.5. Click Save changes for your ScreenCloud Single Sign On settings.

ScreenCloud Okta SSO 11.png


2.6. Your ScreenCloud SSO setup is now complete.

3. Set up SCIM for your ScreenCloud SSO Okta app

3.1. In the General tab for your ScreenCloud app in Okta, click Edit.

ScreenCloud Okta SSO SCIM 01.png


3.2. Tick the box for Enabled SCIM provisioning.

ScreenCloud Okta SSO SCIM 02.png


3.3. This will create a Provisioning section for your app.

ScreenCloud Okta SSO SCIM 03.png


3.4. Head to your ScreenCloud account, find the Provisioning Settings, and copy the SCIM Tenant URL

ScreenCloud Okta SSO SCIM 04.png

.



3.5. Insert the SCIM Tenant URL from ScreenCloud under SCIM connector base URL in Okta.

3.6. For the Unique identifier field for users, write email.

3.7. For Supported provisioning actions, enable Push New Users, Push Profile Updates, and Push Groups.

3.8. For the Authentication Mode, select HTTP Header.

3.9. From your ScreenCloud account, click Generate SCIM API Token, and copy the API token generated. Paste the API token under HTTP Header and Authorization in Okta.

ScreenCloud Okta SSO SCIM 07.png


3.10. Run Test Connector Configuration. Your results should appear as below.

ScreenCloud Okta SSO SCIM 09.png


3.11. Once this is complete, you can click Save for the provisioning details for your ScreenCloud SSO app in Okta.

ScreenCloud Okta SSO SCIM 08.png


3.12. When this is saved, you will have three new setting options under the provisioning section of your SSO app.

3.13. Click To App and enable the options for Create Users, Update User Attributes Deactivate User, and hit Save.

ScreenCloud Okta SSO SCIM 10.png


3.14. Your ScreenCloud SSO app in Okta is now set up for SCIM, and you can now create users in ScreenCloud directly through Okta.

4. Add users to ScreenCloud with SCIM for Okta

Before you run through this step, make sure you have a Group created in Okta. To learn about Okta groups, please see Okta's Manage groups documentation.

4.1. In your ScreenCloud SSO and SCIM app, head to your Assignments section.

Okta with ScreenCloud - Assign Provision 01.png


4.2. Click Assign, and then Assign to Groups. If you wish to assign one user, you can use Assign to People instead.

Okta with ScreenCloud - Assign Provision 02.png


4.3. Click Assign, review the information, and click Save and go back. The group will be labeled as Assigned, and you can finish this step by hitting Done.

Okta with ScreenCloud - Assign Provision 03.png


4.4. The group will be listed under Assignments

Okta with ScreenCloud - Assign Provision 04.png

. If you have assigned a user, you will instead see the assigned user listed under People.


4.5. Head to Push Groups, and select Refresh App Groups. If you assigned just an individual from People, you can skip ahead to step 4.9.

Okta with ScreenCloud - Assign Provision 06.png

4.6. Once the refresh is complete, click the Push Groups button and select Find groups by name.

Okta with ScreenCloud - Assign Provision 07.png


4.7. Search for and select the group you previously assigned, and hit Save.

Okta with ScreenCloud - Assign Provision 08.png


4.8. Wait for the Push Status of the group to update from Pushing to Active

Okta with ScreenCloud - Assign Provision 10.png

.


4.9. Head back to To App under Provisioning and scroll down to find and click the Force Sync action.

Okta with ScreenCloud - Assign Provision 13.png


4.10. Your assigned individual or group will now be provisioned to your organization's ScreenCloud account.

Okta with ScreenCloud - Assign Provision 14.png




4.11. Please note that you will need to assign user permissions in ScreenCloud to your newly created users. However, if the group you added in Okta has the same name as an existing group in ScreenCloud, the users will be added to the existing group in ScreenCloud and the permissions of the group will be applied.

Okta with ScreenCloud - Assign Provision 15.png


To learn how to create groups and apply permissions to users in ScreenCloud, please see People, Groups, and Spaces: Managing Users & Teams With ScreenCloud.

5. How to use Okta to remove a user from ScreenCloud

5.1. In your Okta Admin Console, under Applications, find your ScreenCloud SSO application.

5.2. Click the Assignments tab.

5.3. Under assignments, click the X next to a group or individual under People or Groups that you wish to remove.

5.4. For a Group, you will need to head to Push Group and deactivate or unlink the group before the next step.

5.5. Next, head to Provisioning > To App and scroll down to find and action Force Sync, which will remove the users and the group from ScreenCloud.

5.6. For confirmation, check your ScreenCloud organization's Account Settings > People page. The removed user or group should no longer exist.

6. How to sign in to ScreenCloud through Okta

When your new user is created in ScreenCloud through Okta, there are two ways they can log in.

i) By using the Sign-On URL under Account Settings > Organization > Single-Sign On in your ScreenCloud account.

Okta with ScreenCloud 5 - Login 05.png
Okta with ScreenCloud 5 - Login 06.png


ii) Or by using your account's slug name with the ScreenCloud SSO login auth.screencloud.com. The slug name can be found under Account Settings > Organization > Single-Sign On.

Okta with ScreenCloud 5 - Login 01.png
Okta with ScreenCloud 5 - Login 02.png
Okta with ScreenCloud 5 - Login 03.png
Okta with ScreenCloud 5 - Login 04.png
Did this answer your question?