Okta Setup

If you use Okta as your Identity Provider, please follow these instructions to configure user access to Syncly.

To control access to the Syncly web app, we support various federation providers. This page outlines how to set this up via Okta.

If you use Azure AD, please follow this guide instead.

If you use another provider that is not listed, we support any IdP that works with the OpenID Connect standard. Please reach out to Syncly support if you need assistance: support@syncly.io

 

In each case, the IdP will need to set the redirect URI to the server picked when setting up the web app. The four roles 'User', 'Connector.Admin', 'Admin', 'Plugin.User' need to be added to the provider, and users need to be assigned to them (for more information about roles, please read this). Note that we also have the ability to map group claims to roles via application configuration.

  1. Create a new app integration in Okta. Select Sign-in method “OIDC - OpenID Connect” and Application type “Web Application”, and give it the name “Syncly App”.
  2. Assign the Sign-in redirect URIs provided to you. These will be in the format https://company_name.syncly.io/signin-oidc
    Remove the Sign-out redirect URIs, as they are not required. Select “Skip group assignment for now”.
  3. Create groups in Okta: go to Directory -> Groups and create the following four groups:
    1. SynclyRoles.User
    2. SynclyRoles.Admin
    3. SynclyRoles.ConnectorAdmin
    4. SynclyRoles.PluginUser

  4. Assign groups to the Syncly App: navigate to the application you created in step 1 -> Assignment tab, and assign all four groups to the application.
  5. Update the OpenID Connect ID Token: go to the application you created in step 1 -> Sign-On tab, edit the OpenID Connect ID Token, and set the Group Claim filter to “groups”, “Matches regex”, and “SynclyRoles.*”.
  6. We then need to be provided with the following details:
    1. Client ID
    2. Client Secrets
    3. Your Okta URL
  7. You are finished!
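
To check the outcome of steps 3 to 5 before handing over the details in step 6, the following added example (not Syncly's or Okta's own code) decodes an ID token and audits its `groups` claim against the four documented groups. It assumes the filter pattern behaves as a prefix match as it does in Python's `re`, it does not verify the token signature, and the sample token and the group names `SynclyRolesContractors` and `Everyone` are constructed for illustration.

```python
import base64
import json
import re

# Filter pattern from step 5 and the four group names from step 3 of this page.
GROUP_FILTER = re.compile(r"SynclyRoles.*")
EXPECTED_GROUPS = {"SynclyRoles." + name
                   for name in ("User", "Admin", "ConnectorAdmin", "PluginUser")}


def decode_payload(id_token):
    """Return the claims of a compact JWT. Inspection only: no signature check."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_groups(claims):
    """Classify the token's 'groups' claim against the documented setup."""
    groups = claims.get("groups")
    if groups is None:
        raise ValueError("no 'groups' claim in token: re-check the filter in step 5")
    if isinstance(groups, str):  # defensive: tolerate a single bare string value
        groups = [groups]
    return {
        "expected": sorted(g for g in groups if g in EXPECTED_GROUPS),
        # Accepted by the pattern, but not one of the four documented groups.
        "unexpected": sorted(g for g in groups
                             if g not in EXPECTED_GROUPS and GROUP_FILTER.match(g)),
        # Not accepted by the pattern: the claim filter differs from step 5.
        "outside_filter": sorted(g for g in groups if not GROUP_FILTER.match(g)),
    }


def make_sample_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.signature-placeholder"


# Constructed sample: two documented groups, one look-alike, one unrelated group.
SAMPLE = make_sample_token({"sub": "constructed-user", "groups": [
    "SynclyRoles.User", "SynclyRoles.Admin", "SynclyRolesContractors", "Everyone"]})

if __name__ == "__main__":
    print(json.dumps(audit_groups(decode_payload(SAMPLE)), indent=2))
```

A non-empty `unexpected` list means an existing directory group whose name begins with `SynclyRoles` is being sent in the token alongside the four groups created in step 3.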