Okta SSO | Communifire Documentation

On visiting your intranet, users will be re-directed to the Okta log in page.

Logging in with Communifire credentials

You can allow users to log in using Communifire credentials. Set System Properties > EnableAutoLoginViaSaml to false. When this property is set to false, users will see the Communifire login page. Users can either log in with Communifire credentials or click Login via SAML to sign in using Okta credentials.

Return to top

In the mobile app, users will be re-directed to the Okta log in page after entering the site URL.

Logging in with Communifire credentials

You can allow users to log in using Communifire credentials. Set System Properties > EnableAutoLoginViaSaml to false. When this property is set to false, users will see the Communifire login page. Users can either log in with Communifire credentials or click SSO Login to sign in using Okta credentials.

Return to top

A user is created in Communifire when the user logs in for the first time. You can add users to Communifire before they log in using the methods below.

Bulk import users

Pre-populate users before Okta setup or launch with Bulk Import Users . The Communifire usernames you create must match the usernames in Okta.

Add users

Add users in Control Panel > People > Manage People > Add User . The Communifire username you create must match the username in Okta.

REST API

You can use our REST API to import users - REST API: Add User , REST API: Update User Profile Fields .

Adding Communifire administrator accounts

If Communifire administrator accounts are created before Okta is set up and the Communifire usernames match Okta usernames, the administrator accounts will sync with the corresponding Okta accounts. If not, you will need to re-configure permissions for the admin Okta accounts and remove the previous Communifire administrator accounts.

Return to top

Any data can be imported from Okta, as long as there are corresponding User Profile Fields in Communifire. Attribute mappings must be added to Control Panel > System > Single Sign On > Data Mapping > SAML. Enter the attribute name as the property name in Communifire. See the table below for common fields to import.

* The country code in Okta must match country options in Communifire exactly.

You can also use our REST API to import user data into Communifire.

Return to top

User data is updated in Communifire every time a user logs in.

Email and username change

When a user's email is changed in Okta, the user's Communifire email will be updated the next time they login. The Communifire username won't be changed and must be updated manually by a site administrator.

Return to top

When a user's assignment is removed in Okta, the user will be blocked from logging into Communifire using Okta.

The user's account will still be active in Communifire. You can Delete User and delete their content or re-assign their content to another user or to the system anonymous user. You can also Ban User , which will retain their content.

Return to top

1. Click Applications > Applications.
   
2. Click Add Application.
   
3. Search for Communifire.
4. Click Communifire.
   
5. Click Add.
   
6. Update the Application label.
7. Enter your site URL in Base URL.
   Example:
   
8. Click Done.
   
9. Click Sign On.
   
10. Click Edit.
    
11. Expand Attributes.
12. Add attributes to pull into Communifire. By default, Email, GivenName, and Surname are pulled into Communifire.
    
    Basic attributes to add:
    

    Name	Value
    Company	user.organization
    Title	user.title
    Department	user.department
    streetAddress	user.streetAddress
    city	user.city
    state	user.state
    zipCode	user.zipCode
    countryCode	user.countryCode
    TelephoneNumber	user.mobilePhone or user.primaryPhone

    Example:
    
13. For Application username format, select Email.
    
14. Click Save.
    
15. Click View Setup Instructions.
    
16. Copy the Identity Provider Single Sign-On URL and save it for later.
17. Copy the Identity Provider Issuer and save it for later.
    
18. Download the X.509 Certificate.
    
19. Click Assignments.
    
20. Assign users or groups to the app.
    
    
    
    

Provisioning

To configure provisioning, see Okta SCIM Configuration Guide .

Return to top

1. In Communifire, go to Control Panel > System > Single Sign On.
2. Select SAML.
3. Click Save.
4. Enter the following information:
   
   • Partner Identity Provider URL: Enter the Identity Provider Issuer you copied.
   • Single Sign On Service URL: Enter the Identity Provider Single Sign-On URL you copied.
   • Relying Party Trust Identifier: Enter your intranet URL.
   • Single Logout Service URL: Enter the Identity Provider Single Sign-On URL you copied.
   • Partner Identity Certificate (CER): Upload the X.509 Certificate file. (okta.cer)
     
     Example:
     
5. Click Update.
6. Click Data Mapping.
7. For Type, select SAML.
8. Add attribute mappings. The Property Name should match the attribute name you entered in Attribute Statements in Okta.
   Example:
   
9. Click Update.
10. Submit a private case to have our team provide the Service Provider Certificate (PFX) and Certificate Password.

Return to top

1. Click Assignments.
   
2. Assign users or groups to the app.
   
   
   
   

Return to top

Exception: "The partner identity provider http://www.okta.com/xxxxxxxx is not configured."

Go to Control Panel > System > Advanced System Utilities and click Restart Site.

Exception: "UserRepository.AddUserWithSAMLActiveDirectoryProperties Error" when a new user tries to login. "InvalidPassword" in stack trace.

Go to Control Panel > System > General Settings > Advanced Settings. Set "Maximum length for password" to a value over 25.

Exception: "UserRepository.AddUserWithSAMLActiveDirectoryProperties Error" when a new user tries to login. "Failed" in stack trace.

Go to Control Panel > System > General Settings > Advanced Settings. Set "Minimum length for username" to a lower value. Set "Maximum length for username" to a higher value.

Return to top