Security Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange user authentication and authorization data. Using SAML, an online service provider can contact a separate online identity provider to authenticate users who are trying to access secure content. SAML enables cross-domain single sign-on, allowing users to access other sites without the need for re-authentication. Communifire version 4.7 and above supports SAML 2.0.
On visiting your intranet, users will be redirected to the Okta login page.
Logging in with Communifire credentials
You can allow users to log in using Communifire credentials. Set System Properties > EnableAutoLoginViaSaml to false. When this property is set to false, users will see the Communifire login page. Users can either log in with Communifire credentials or click Login via SAML to sign in using Okta credentials.
In the mobile app, users will be redirected to the Okta login page after entering the site URL.
You can allow users to log in using Communifire credentials. Set System Properties > EnableAutoLoginViaSaml to false. When this property is set to false, users will see the Communifire login page. Users can either log in with Communifire credentials or click SSO Login to sign in using Okta credentials.
A user is created in Communifire when the user logs in for the first time. You can add users to Communifire before they log in using the methods below.
Bulk import users
Pre-populate users before Okta setup or launch with Bulk Import Users. The Communifire usernames you create must match the usernames in Okta.
Add users
Add users in Control Panel > People > Manage People > Add User. The Communifire username you create must match the username in Okta.
REST API
You can use our REST API to import users: REST API: Add User, REST API: Update User Profile Fields.
Adding Communifire administrator accounts
If Communifire administrator accounts are created before Okta is set up and the Communifire usernames match Okta usernames, the administrator accounts will sync with the corresponding Okta accounts. If not, you will need to re-configure permissions for the admin Okta accounts and remove the previous Communifire administrator accounts.
Any data can be imported from Okta, as long as there are corresponding User Profile Fields in Communifire. Attribute mappings must be added to Control Panel > System > Single Sign On > Data Mapping > SAML. Enter the attribute name as the property name in Communifire. See the table below for common fields to import.
* The country code in Okta must match country options in Communifire exactly.
You can also use our REST API to import user data into Communifire.
User data is updated in Communifire every time a user logs in.
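The mapping rules above can be checked against what Okta actually sends. The following is an added example, not Communifire or Okta code: it parses the AttributeStatement of a SAML 2.0 assertion and reports attributes with no mapping, mapped attributes that were not sent, and country values that do not match a Communifire option exactly. The sample assertion, attribute names, mapping set and country list are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: only the AttributeStatement part of a SAML 2.0 assertion.
# A captured assertion should be signature-verified before its content is trusted.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Country"><saml:AttributeValue>US</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="CostCenter"><saml:AttributeValue>4410</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical values: the attribute names entered under Data Mapping > SAML,
# and the options offered by the Communifire country profile field.
MAPPED_ATTRIBUTES = {"FirstName", "LastName", "Country"}
COUNTRY_OPTIONS = {"United States", "Canada", "Germany"}


def read_attributes(assertion_xml):
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def audit_mapping(assertion_xml, mapped, country_options, country_attr="Country"):
    """Compare the attributes Okta sent with the configured data mappings."""
    sent = read_attributes(assertion_xml)
    return {
        # Sent by the identity provider but has no mapping entry.
        "unmapped": sorted(set(sent) - mapped),
        # Has a mapping entry but was not present in the assertion.
        "missing": sorted(mapped - set(sent)),
        # Country values must match a Communifire option exactly.
        "bad_country": [v for v in sent.get(country_attr, []) if v not in country_options],
    }


if __name__ == "__main__":
    for finding, items in audit_mapping(SAMPLE_ASSERTION, MAPPED_ATTRIBUTES, COUNTRY_OPTIONS).items():
        print(f"{finding}: {items}")
```

Attributes reported as unmapped are candidates for removal from the Okta application's attribute statements, since they leave the identity provider without being used.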
When a user's assignment is removed in Okta, the user will be blocked from logging into Communifire using Okta.
The user's account will still be active in Communifire. You can Delete User and delete their content or re-assign their content to another user or to the system anonymous user. You can also Ban User, which will retain their content.
Submit Private Case
Submit a private case here to have our team upload your certificate file, upload our LocalCertificateFile, and set LocalCertificatePassword. Zip up your okta.cert file and attach it to the case.
Exception: "The partner identity provider http://www.okta.com/xxxxxxxx is not configured."
Go to Control Panel > System > Advanced System Utilities and click Restart Site.
Exception: "UserRepository.AddUserWithSAMLActiveDirectoryProperties Error" when a new user tries to log in. "InvalidPassword" in stack trace.
Go to Control Panel > System > General Settings > Advanced Settings. Set "Maximum length for password" to a value over 25.
Exception: "UserRepository.AddUserWithSAMLActiveDirectoryProperties Error" when a new user tries to log in. "Failed" in stack trace.
Go to Control Panel > System > General Settings > Advanced Settings. Set "Minimum length for username" to a lower value. Set "Maximum length for username" to a higher value.