Simplify the sign-on & provisioning process for your Enterprise team. ⚙️
Loom provides single sign-on (SSO) for Enterprise users to simplify the user sign-in and provisioning process and allow access to Loom using several authentication sources, including Okta. Your Workspace must be subscribed to the Enterprise plan if you wish to set up SSO & provisioning.
👉Note: If you are still using the deprecated custom Okta integration and looking to switch over, please see How to migrate from Loom's custom Okta app to OIN.
Installing the Loom app in Okta
- Go to your Okta instance's administration portal and, in the Applications tab, install the Loom app from the App Catalog.
- Configure your new integration by naming it "Loom".
👉Note: Loom does not currently support IdP-Initiated SSO, but we recommend you bookmark the Loom application in Okta so that your team can access it from the Okta Portal. You'll also want to check the boxes to prevent displaying the app icon to users. You can do this in from Okta in the General Tab for managing the application.
If you're the Admin of your company's Enterprise account, you can configure SSO following the steps below:
- Go to your Workspace settings by clicking on Settings in the left navigation bar of your Library. Open the security tab and toggle on Single Sign On (SSO).
- Select Okta as your IdP for configuration.
- Copy the Connection ID value to a safe place, and click Save.
- Scroll down to Authorize Domains to add the domains you want to authorize. You can use one of two verification methods: either via email to specific inboxes in the domain or via adding a DNS TXT record to your domain. If you choose email, you need to choose destinations to send a verification email (e.g. firstname.lastname@example.org). After adding the domains, you'll see that they're listed as pending validation.
👉Note: Check to make sure that there are no users with outside domains already invited to your Workspace. If there are any existing members of your Workspace with domains other than domain.com, they'll be blocked from logging into Loom.
- Check the email you listed as the destination for your verification email in the prior step. You should receive a message from Loom verifying the domain. After verifying the domain, you'll see that your domain is now verified in your Loom security settings and listed as an authorized domain.
- Open up your Okta admin portal and go to the Applications tab to find the Loom OIN (Okta Integration Network) App. Within the OIN app, click on the Sign On tab and click Edit.
- In the Advanced Sign-on Settings, paste the "Connection Id" value that you saved from your Loom Workspace you saved in Step 3 (under Workspace Settings > Security) into the Connection Id field (format should look like "1234-abcde1234"). For Application username format, select "Email," then click Save.
- SSO is now turned on! All users with your authorized domains will be required to authenticate via SSO.
Configuring provisioning (SCIM)
You can configure provisioning by following the steps below:
In Okta, go to the Loom application and click Provisioning, and click Configure API Integration.
Check the "Enable API Integration" check box and click Authenticate with Loom. Sign in with your Okta account in the pop-up screen.
Once the authentication is done, click Save.
Select the To App section in the left panel, and select all the features you want to enable as shown below and click Save.
You can now assign users to the app (if needed) and finish the application set up.
- When assigning users or groups, Loom app attributes must be selected for the Loom role:
👉Note: When users are deactivated in Okta, they will be deactivated in Loom. Users will not be able to login to the application, but their data will remain available as a ‘Deactivated user’. To permanently delete user data, log into Loom and use the Workspace Member management tool to further delete all of user's data.
Questions, comments, concerns? Contact us here.
Happy recording! 🎥 😄