Overview
Okta SSO (Single Sign-On) enables seamless and secure access to Swif by integrating with Okta as the identity provider. This article provides steps for Swif customers to register an app on Okta and provide the necessary details to enable SSO on Swif's login page.
Swif supports two approaches for integrating Okta SSO for user login:
OIDC (OpenID Connect) – the current standard method for login.
SAML – SSO via SAML.
SCIM – a new method enabling SCIM provisioning and deprovisioning.
Steps to Create an App on Okta (OIDC)
1. Log in to Okta
Go to your Okta administrator account and log in.
2. Navigate to Applications
In the Okta dashboard, click on Applications.
Select Create App Integration.
3. Choose Integration Type
Select OIDC - Open ID Connect as the sign-on method.
Choose Web Application.
4. Configure the Redirect URI
In the configuration settings, set the Redirect URI to:
https://auth.swif.ai/login/callback
5. Retrieve Client Credentials
Once the app is created, note down the following details:
Client ID
Client Secret
Domain (your Okta organization URL, e.g.,
dev-xxxxx.okta.com).
6. Providing Information to Swif
After completing the above steps, set the Client ID, Client Secret, and Domain to Swif’s Settings > Security.
Steps to Create an App on Okta (SAML)
In Okta, go to the Applications page, click Create App Integration, and select SAML 2.0.
Enter a name for the app.
Important: Use the connection name that Swif's team provides to you in the following fields. If you don't have it, message support@swif.ai.
Single Sign-On URL:
https://auth.swif.ai/login/callback?connection={{CONNECTION_NAME}}Audience URI (SP Entity ID):
urn:auth0:swifteam:{CONNECTION_NAME}
Click Next, then Finish.
Go to the Sign On tab and click View SAML setup instructions.
Copy the Identity Provider Single Sign-On URL and download the certificate file.
Send both the URL and certificate file to Swif at Settings > Security.
How to Enable Automatic Provisioning & Deprovisioning with Okta SCIM
1. Configure SCIM in Auth0
Log in to your Auth0 Dashboard.
Navigate to: Authentication > Enterprise > Okta Workforce > [your-connection] > Provisioning.
Enable Create Users, Update User Attributes, and Deactivate users. Choose Save.
Under the Attribute Mappings section, use the X button to delete the following lines, which are not needed and may cause issues during PUT operations:
Attribute | Value |
Primary email type |
|
Primary phone type |
|
Address type |
|
2. Retrieve SCIM Endpoint URL and Token
You will need Swif's team provided SCIM Endpoint URL and Token. If you don't have it, message support@swif.ai.
3. Configure SCIM in Okta
In Okta, go to Applications > [Your Swif OIDC App] > Provisioning > Integration.
Enter the SCIM connector base URL and token from Auth0.
Ensure all required scopes are granted for the SCIM token.
Before saving, you can run Test Connector Configuration to test it out.
4. Verification Steps
You can now test user provisioning in the Assignments tab and test update operations by editing the user attributes in the Directory > People section of your Okta admin portal.
Assign the user to the Swif OIDC connect app.
The user should be automatically created as a Swif team admin.
Test both provisioning (adding users) and deprovisioning (removing users from the app).
5. Troubleshooting & Best Practices
Always test provisioning from the Assignments tab in Okta, not just Okta Directory > People.
If users are not appearing as the Swif team admin, double-check the SCIM URL, token, and attribute mappings.
For Okta-specific issues, open a support case with Okta.
Need Help?
If you encounter any issues during this process, please reach out to our support team for assistance. We're here to ensure a smooth and secure setup!