Communifire supports Okta integration for single-sign on (SSO). This page covers information about Okta SSO, walks you through how to configure Okta SSO on your intranet, and provides solutions to common issues. For more information or assistance from the Axero team, submit a private case.
On visiting your intranet, users will be re-directed to the Okta log in page.
Logging in with Communifire credentials
You can allow users to log in using Communifire credentials. Set System Properties > EnableAutoLoginViaSaml to false. When this property is set to false, users will see the Communifire login page. Users can either log in with Communifire credentials or click Login via SAML to sign in using Okta credentials.
In the mobile app, users will be re-directed to the Okta log in page after entering the site URL.
You can allow users to log in using Communifire credentials. Set System Properties > EnableAutoLoginViaSaml to false. When this property is set to false, users will see the Communifire login page. Users can either log in with Communifire credentials or click SSO Login to sign in using Okta credentials.
A user is created in Communifire when the user logs in for the first time. You can add users to Communifire before they log in using the methods below.
Bulk import users
Pre-populate users before Okta setup or launch with Bulk Import Users . The Communifire usernames you create must match the usernames in Okta.
Add users in Control Panel > People > Manage People > Add User . The Communifire username you create must match the username in Okta.
You can use our REST API to import users - REST API: Add User , REST API: Update User Profile Fields .
Adding Communifire administrator accounts
If Communifire administrator accounts are created before Okta is set up and the Communifire usernames match Okta usernames, the administrator accounts will sync with the corresponding Okta accounts. If not, you will need to re-configure permissions for the admin Okta accounts and remove the previous Communifire administrator accounts.
Any data can be imported from Okta, as long as there are corresponding User Profile Fields in Communifire. Attribute mappings must be added to Control Panel > System > Single Sign On > Data Mapping > SAML. Enter the attribute name as the property name in Communifire. See the table below for common fields to import.
* The country code in Okta must match country options in Communifire exactly.
You can also use our REST API to import user data into Communifire.
User data is updated in Communifire every time a user logs in.
Email and username change
When a user's email is changed in Okta, the user's Communifire email will be updated the next time they login. The Communifire username won't be changed and must be updated manually by a site administrator.
When a user's assignment is removed in Okta, the user will be blocked from logging into Communifire using Okta.
The user's account will still be active in Communifire. You can Delete User and delete their content or re-assign their content to another user or to the system anonymous user. You can also Ban User , which will retain their content.
Return to top
This guide walks you through how to enable Okta SSO in Communifire. Client-side setup is estimated to take 1-2 hours and Communifire team setup is estimated to take 1-2 hours. The time to set up SSO can vary based on how long it takes to set up internal systems and to provide the Communifire team with required information. The total time for setting up SSO may take up to 1-2 business days.
Once you complete the guide, Okta SSO will be active on your intranet. If you run into any issues, submit a case here for assistance.
To configure provisioning, see Okta SCIM Configuration Guide .
You can add Okta Groups into your Communifire SAML fields by doing the following:
1. Go to Control Panel>System>Single Sign On
2. Under Data Mapping select Type SAML.
3. Press Add. Enter in the label you wish to call the grouping property (in this example its called GroupName) then select Okta Groups from the drop down. Press Update.
4. Navigate to your Okta Administration page and select the application for Communifire.
5. Click the Sign On tab. Under Settings expand the Attributes then press Edit.
6. Scroll down to the Group Attribute Statements (optional) section and add the "GroupName" label made in Communifire with the Filter "Matches regex" and Value "\w+".
7. Scroll down and Click Save.
8. Now the Okta Grouping comes across as a property for users to be acted upon.
All users will have a unique username that is separate from their email. If you would like your users to log in to Communifire with their email address and restrict them from using their username as log-in credentials, please follow the steps below:
Login to the website as an administrator.
Navigate to Control Panel>People>User Profiles.
Now, edit the login page.
Edit the Email or Username field under Login to your account tab.
You can select how you want your users to log in to Communifire.
Exception: "The partner identity provider http://www.okta.com/xxxxxxxx is not configured."
Go to Control Panel > System > Advanced System Utilities and click Restart Site.
Exception: "UserRepository.AddUserWithSAMLActiveDirectoryProperties Error" when a new user tries to login. "InvalidPassword" in stack trace.
Go to Control Panel > System > General Settings > Advanced Settings. Set "Maximum length for password" to a value over 25.
Exception: "UserRepository.AddUserWithSAMLActiveDirectoryProperties Error" when a new user tries to login. "Failed" in stack trace.
Go to Control Panel > System > General Settings > Advanced Settings. Set "Minimum length for username" to a lower value. Set "Maximum length for username" to a higher value.
is requesting access to a wiki that you have locked: https://my.axerosolutions.com/spaces/5/communifire-documentation/wiki/view/95490/okta-sso
Your session has expired. You are being logged out.