Last updated on • Available in French
ℹ️ As part of CoderPad’s rebranding effort, CodinGame Screen is now just Screen. We’re still working to update the documentation, until then you may still see references to “CodinGame” when setting this up.
This document describes the steps required to activate SSO on your Screen account using the SAML protocol with Okta.
SSO can also be combined with User Provisioning through the SCIM protocol.
Prerequisites for activating SSO on your Screen account:
- You must have admin rights for your Screen account.
- You must have identified the proper person at your end who will be able to implement the required configuration changes on your Okta account, i.e. your system administrator.
- Account-wide failure to login may occur for your users during the configuration process. Reversing the SSO activation on the account can be done at any time if the configuration fails.
- At any time, even when the SSO configuration is active, it is possible for an admin to log into the account using email and password credentials by using one of the following URLs:
- You may want to test drive the integration on a test Screen account first. In that case, contact your account manager to set up this test account.
To activate the SSO configuration on your Screen account:
- Open a ticket with the CoderPad support team asking for SSO activation and User Provisioning.
- The support team will send you back four URL parameters related to SSO:
- SP Entity ID
- SP Assertion Consumer URL
- SP Metadata URL
- SP Logout URL
- And two parameters related to user provisioning:
- SCIM Base URL
- SCIM Secret Token
You’ll then need to complete the following steps:
Configuring the integration
1. Log on to the Okta Admin interface
2. In the menu select Applications > Applications:
3. Select Create App Integration and then select SAML 2.0. Click Next to proceed:
4. Add these general settings:
- Name = CodinGame
- Logo = Download this logo
- Configure SAML:
- Single sign on URL = SP Assertion Consumer URL (from the CoderPad support team)
- Audience URI (SP Entity ID) = SP Entity ID (from the CoderPad support team)
- Use this for Recipient URL and Destination URL = checked
- Name ID format = Unspecified
- Application username = Email
- Add an attribute statement:
- Name = User.Email
- Value = user.email
- Validate the last step
5. Configure Screen to work with Okta:
- In the Sign On tab of the Application, click View Setup Instructions:
6. Send back the following parameters to the CoderPad support team:
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate (download as file)
9. Navigate to the Assignments tab. Select Assign > Assign to People or Assign to Groups, and add a test user who is also registered in Screen.
10. Contact CoderPad support to organize a go-live meeting between one of our engineers and your system admin. During the live video meeting, CoderPad will activate SSO on your account and you will check that a test user can connect through SSO. Any final adjustments can be made during this call.
Adding User Provisioning
Once SSO has been activated, User Provisioning can be turned on using the SCIM protocol:
- In Okta, select the CodinGame application then General > App Settings > Edit.
2. Then under Provisioning select SCIM and click Save.
3. From the new Provisioning tab, click on Edit in the SCIM Connection section.
4. Enter in the following configurations:
- SCIM connector base URL = SCIM Base URL (from the CoderPad support team)
- Unique identifier field for users = email
- Supported provisioning actions = Select all the options
- Authentication Mode = HTTP Header
- Bearer Token (HTTP Header > Authorization > Bearer Token) = SCIM Secret Token **(from the CoderPad support team)
The Test Connector Configuration action should be successful at this point.
5. Edit the provisioning. Navigate to Provisioning > Settings > To App and select Edit:
6. Check Create Users, Update User Attributes, Deactivate Users.
7. Click Save.
8. Go to the Push Groups tab of the App
9. Click Push groups >Find groups by name
✅It is recommended to select all groups assigned to the Okta App
10. Click Save.
11. Send a final request to CoderPad support specifying the Screen permissions you want for each group attached to the Okta App. This could be done during the live video meeting as well to speed-up the process.
12. From now on users added to your groups will be automatically created in Screen with the proper set of permissions.