Single Sign-On

VividCortex supports Single Sign-On for authenticating and provisioning users. This allows organizations with large teams to simplify the process of granting or revoking access to VividCortex. We currently support Okta, OneLogin, and Azure for SSO. Note that this feature is only available to Premium-tier customers.

Select your identity provider to see detailed instructions on setup.

Authentication with OneLogin

Create a new VividCortex app in OneLogin by clicking here.

OneLogin Before Creation

Click “SAVE.”

Then, go to the Configuration tab to setup API access. When you visit the page, it will look something like this:

OneLogin Empty Config

Enter your organization’s subdomain in the field VividCortex Org Subdomain. The subdomain is your organization nickname; it is the subdomain of the VividCortex app URL you use when accessing VividCortex. If you access VividCortex through “,” you will enter “acme.”

Then, in SCIM Base URL, enter https://{subdomain}, where {subdomain} is your organizations nickname (“acme” in this example).

Then, in SCIM Bearer Token, enter the VividCortex API authentication token found in the VividCortex application Settings page. Enable the API.

The configuration page, when complete, should look like the following:

OneLogin Config Sample

In the Provisioning tab, you must select Enable Provisioning for VividCortex. This is mandatory so VividCortex can be notified about any changes in your team.

OneLogin Enable Provisioning

Lastly, find the SAML metadata by clicking More Actions:

OneLogin Enable Provisioning

You will need to download the file at the Issuer URL:

OneLogin Enable Provisioning

Copy and paste its content (the XML) into the Federation metadata field in the VividCortex Authentication settings page. Then click Save.

You can now use OneLogin for creating, deleting, and updating users. If you have any questions, contact Support via the in-app chat or by emailing

Authentication with Okta

Go to your Okta Dashboard, find the VividCortex app, and add it. A configuration screen will appear.

Okta Add VividCortex

In General Settings, under Subdomain, enter your VividCortex account subdomain. For example, if you access VividCortex at “," your subdomain is acme. Click Done.

Okta Subdomain Setting

Navigate to ‘Sign On’ settings, and click ‘Edit’ in the top right corner. Under ‘CREDENTIALS DETAILS’, change the Application username format to Email and click Save.

Username Format

In the SAML 2.0 box, click the link for ‘Identity Provider metadata.’ Copy and paste the XML into the FEDERATION METADATA box in VividCortex.

Username Format

The next step requires you to enable provisioning features. This is mandatory so VividCortex can be notified about any changes in your team. Open ‘Provisioning’ settings and click ‘Configure API Integration’ and ‘Enable API Integration’.

API Integration

Generate an API token in the Authentication Settings of VividCortex, and paste that API token into the API Token field in Okta. Click ‘Test API Credentials’ to ensure everything is working. Click Save.

Edit the ‘Provisioning To App’ settings and enable Create Users, Update User Attributes, and Deactive Users. Click Save. Create Users, Update User Attributes and Deactivate Users must be enabled in order to keep the user directory in sync with VividCortex.

API Integration

In VividCortex, once you have pasted the FEDERATION METADATA, click Save.

API Integration

If you’d like, you can assign existing users to the VividCortex app by clicking ‘Assignments’ in Okta.

Authentication With Azure

Follow the Microsoft documentation to create a non-gallery application.

Configure Single sign-on using the following values:

  • Set the Identifier (Entity ID) to
  • Set the Reply URL to https://{subdomain} For example, if you access VividCortex at “," your subdomain is acme.
  • Set the Unique User Identifier to user.mail
  • Download the Federation Metadata XML and paste that into the FEDERATION METADATA field in VividCortex.

API Integration

Configure Provisioning with the following values:

  • Change the Provisioning Mode to Automatic.
  • Set the SCIM Base URL to https://{subdomain}
  • Configure the SCIM Bearer Token using a VividCortex API token generated from the Authentication Settings page.

API Integration

Save the configuration in VividCortex.

API Integration