How to migrate from Loom's custom Okta app to OIN

Switch over to our Loom app in Okta for easy provisioning. πŸŽ‰

πŸš€  We have a new & improved experience for Admins to configure SSO & Directory sync! πŸš€

If you are a setting up SSO and Directory Sync for the first time, please refer to this article:
How to configure SSO & Directory sync

If you have already configured SSO using our previous set up and want to configure Directory sync, please reach out to your Customer Success or Account Manager. We are currently working on a self-serve method to migrate existing customers to the new set up. 

If you are using Loom's custom Okta application, we recommend switching over to the OIN (Okta Integration Network) Loom app for the optimal experience.

This guide will walk you through: 

πŸ‘‰Prerequisites: You will need to have Admin access to the Loom workspace, the Custom Okta Application created previously, and the ability to install the new OIN application.

Installing the Loom app in Okta

  1. Go to your Okta instance's administration portal and, in the Applications tab, install the Loom app from the App Catalog.
  2. Configure your new integration by naming it "Loom". Check the boxes to prevent displaying the app icon to users, as we will continue to use the bookmark app to use Service-Provider initiated logins.

Configuring SSO

  1. Within the OIN app, click on the Sign On tab and click Edit


  2. Copy the "Connection Id" value in your Loom Workspace (under Workspace Settings > Security) and paste in the field Connection Id field (format should look like "1234-abcde1234"). For Application username format, select "Email," then click Save


  3. In the same page, click "View Setup Instructions" and copy the Identity Provider Single Sign On URL and copy the URL in a safe place. In addition, download the X.509 certificate by clicking the URL.


  4. To ensure uninterrupted service, we will make the same assignments for both applications. This will highly depend on your setup, but make sure that you are at least assigned to both applications. 
  5. If you have SCIM provisioning enabled in the custom Okta application, please disable Deactivate Users in the Provisioning Tab, and click Save. This will ensure that when removing the Custom App all users won't be deactivated.


  6. We now switch your Loom workspace over to the OIN application. In Loom's Security settings (Settings > Workspace > Security tab), select "Okta". Update the Identity Provider Login URL copied earlier in this process, upload the new X.509 certificate and click Save. Note: SCIM will be disabled automatically if it's enabled.


Configuring Provisioning

Note: If you don't plan on enabling Provisioning, you can skip to deactivating the custom Okta App

  1. In your Loom Workspace settings (under the "Security" tab), scroll down to the bottom of the page and click Enable SCIM.

  2. In Okta, go to the new OIN application and click Provisioning, and click Configure API Integration. Check the "Enable API Integration" check box and click Authenticate with Loom. Once the authentication is done, click Save.

  3. In the Provisioning to App section, enable all the features we provide as shown below and click Save.


  4. You can now assign users to the app in the Assignments tab and click Provision Users if the button is visible to you. The new app should be good to go!

    Due to limitations on how Okta treats CSV imports, we do not support assignments done via CSV Imports with provisioning enabled. If you did so, please un-assign and reassign all users to the Loom application to make sure updates are properly propagated to Loom.

Deactivating the custom Okta app

  1. In the custom Okta app, make sure Deactivate Users is disabled:

  2. Deactivate the Custom Okta App as shown below: 



  3. That's it! Enjoy the new app!

Happy recording (& provisioning)! πŸŽ₯ πŸ˜„

0 out of 0 found this helpful