SCIM configuration
Rewatch provides Single Sign-On (SSO) and SCIM Provisioning functionality for customers to access it through Okta. This allows IT administrators to better manage team access and keeps information more secure.
We use SCIM (System for Cross-domain Identity Management), a standard that permits Okta to safely pass authorization rule changes to service providers like Rewatch. Rewatch supports the following SCIM features:
- Push New Users
  - New users created through Okta will also be created in Rewatch.
- Push Profile Updates
  - Updates made to the user’s profile through Okta will be pushed to Rewatch.
- Push User Deactivation and Reactivation
  - Deactivating the user or disabling the user’s access to the application in Okta will deactivate the user in Rewatch. Note that deactivating a user means removing access to log in, but the user’s profile and associated content (comments, uploaded videos) will remain in Rewatch.
- Import and Push Groups
  - Updates to group memberships can be automatically synced to a Rewatch SAML group.
Rewatch setup
Before setting up SCIM, you must set up SAML. Please refer to our SAML documentation.
On the Rewatch channel admin page, click on the Security link in the sidebar, and scroll to the bottom.
Check the box to enable SCIM and click Save. Then, copy the token for use in the next step.
Okta setup
These are instructions for setting up Rewatch SCIM with Okta.
Enable provisioning for the Rewatch app in Okta
- In the Okta Console, within the Rewatch app, click the Provisioning tab
- Click Configure API Integration.
- Check Enable API integration and paste the API token obtained in the previous section.
- Click Save
- You can now assign users and push groups from Okta.
Additional notes
- When users are deactivated in Okta, they will be deactivated in Rewatch. Users will not be able to log in to the application, but their data will remain available as an ‘inactive user’. To permanently delete user data, contact Rewatch Support.
- Rewatch does not support modifications to the username independent of the email address. Updates to the username and email address will be reflected, but they cannot be changed such that they are different.
- Groups pushed to Rewatch will not be reflected in the UI unless you create an associated group in Rewatch first. You also cannot modify a SAML group in Rewatch; changes must be initiated from the SAML provider. For more information about SAML Groups in Rewatch, see our Groups documentation.
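The notes above say the username cannot differ from the email address, and that deactivation is what removes login access. The following is an added example, not Rewatch or Okta code: a pre-flight check an administrator could run over exported user records before assigning them. It assumes the records follow the standard SCIM 2.0 core User schema (RFC 7643) and that username and email are compared case-insensitively; the function names and sample records are constructed for illustration.

```python
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"


def primary_email(user):
    """Return the primary email value, or the first one if none is flagged primary."""
    emails = [e for e in user.get("emails", []) if e.get("value")]
    for entry in emails:
        if entry.get("primary") is True:
            return entry["value"]
    return emails[0]["value"] if emails else None


def preflight(user):
    """Return a list of problems that conflict with the constraints noted above."""
    problems = []
    if USER_SCHEMA not in user.get("schemas", []):
        problems.append("not a SCIM 2.0 core User resource")
    username = user.get("userName")
    email = primary_email(user)
    if not username:
        problems.append("userName is missing")
    elif email is None:
        problems.append("no email address to compare with userName")
    elif username.strip().lower() != email.strip().lower():
        # Assumption: comparison is case-insensitive.
        problems.append(f"userName {username!r} differs from email {email!r}")
    # Deactivation is carried by the boolean "active" attribute; a string such
    # as "false" is not a valid value and could leave access in place.
    if not isinstance(user.get("active", True), bool):
        problems.append("active must be a JSON boolean")
    return problems


# Constructed sample records (not real users).
SAMPLE_USERS = [
    {"schemas": [USER_SCHEMA], "userName": "ana@example.com",
     "emails": [{"value": "ana@example.com", "primary": True}], "active": True},
    {"schemas": [USER_SCHEMA], "userName": "bob",
     "emails": [{"value": "bob@example.com", "primary": True}], "active": True},
    {"schemas": [USER_SCHEMA], "userName": "cy@example.com",
     "emails": [{"value": "cy@example.com", "primary": True}], "active": "false"},
]

if __name__ == "__main__":
    for record in SAMPLE_USERS:
        print(record["userName"], preflight(record) or "ok")
```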
Last edited on December 17th, 2020