Single Sign-On

VividCortex supports SAML Single Sign-On for authenticating users. This allows organizations with large teams to simplify the process of granting or revoking access to VividCortex. We support Okta and OneLogin for SSO, and we may add other identity providers in the future. If you need support for another identity provider, please contact us; your input helps us prioritize.

Note that this feature is only available to Premium-tier customers.

Setup

Start by going to the Settings page, and then select Authentication under “Organization Settings.” Select SAML SSO. Your VividCortex API authentication token will be revealed. You will need this token, as well as your federation metadata provided by your identity provider, in order to complete the setup process.

Authentication settings

Select your identity provider for detailed instructions on completing setup:

Authentication with OneLogin

Create a new VividCortex app in OneLogin by clicking here.

OneLogin Before Creation

Click “SAVE.”

Then, go to the Configuration tab to setup API access. When you visit the page, it will look something like this:

OneLogin Empty Config

Enter your organization’s subdomain in the field VividCortex Org Subdomain. The subdomain is your organization nickname; it is the subdomain of the VividCortex app URL you use when accessing VividCortex. If you access VividCortex through “acme.app.vividcortex.com,” you will enter “acme.”

Then, in SCIM Base URL, enter https://{subdomain}.app.vividcortex.com/api/v2/scim/, where {subdomain} is your organizations nickname (“acme” in this example).

Then, in SCIM Bearer Token, enter the VividCortex API authentication token found in the VividCortex application Settings page. Enable the API.

The configuration page, when complete, should look like the following:

OneLogin Config Sample

In the Provisioning tab, you must select Enable Provisioning for VividCortex. This is mandatory so VividCortex can be notified about any changes in your team.

OneLogin Enable Provisioning

Lastly, retrieve the SAML metadata under “More Actions,” and paste the metadata into the Federation metadata field in the Settings page within VividCortex.

OneLogin Enable Provisioning

You can now use OneLogin for creating, deleting, and updating users. If you have any questions, do not hesitate to contact us for support.



Authentication with Okta

Go to your Okta Dashboard, find the VividCortex app and add it. A configuration screen will appear.

Add VividCortex to Okta

In the first step, you need to enter the subdomain of your organization when accessing VividCortex. If you access VividCortex at “https://acme.app.vividcortex.com," your subdomain is acme.

Setup subdomain

The next step requires you to enable provisioning features. This is mandatory so VividCortex can be notified about any changes in your team.

Setup credentials

Next, you need to enter the VividCortex API authentication token for Okta to communicate with VividCortex.

Make sure the Okta username format is set to “Email address” under User Import. New users created in VividCortex will be downloaded and turned into new AppUser objects for matching against existing Okta users.

User import

Create Users, Update User Attributes and Deactivate Users must be enabled in order to maintain the user directory in sync with VividCortex.

Provisioning features

Each of these enable the following:

  • Created Users: New users created through Okta will also be created in the VividCortex application.
  • Update User Attributes: Updates made to the user’s profile through Okta will be pushed to the VividCortex application.
  • Deactivate Users: Deactivating the user through Okta will remove the user from the organization and all teams in the VividCortex application.

In the final step, you can assign existing users to the VividCortex app. Just check on each user you want to assign access to VividCortex and click Next to go to the review step. You can change these assignments at any moment after you finish the configuration.

User assignment

Once you are done, go to the Sign On tab and click on View Setup Instructions, where you can get the Federation metadata required to finish the process in VividCortex.

View Setup Instructions

Go back to VividCortex, paste the metadata from the previous step into the text box, and click Save.

Finish process

From now on, you can manage your users access to VividCortex from Okta.