
Setting Up Okta SSO & SCIM Guide

A step-by-step guide to configuring Single Sign-On and automated user provisioning

Follow the steps below or download guide here.


Key Configuration Details

Reference these values during SSO and SCIM setup

Parameter: Value

Single Sign-On URL: https://api.meditation.live/auth/sso/callback

Audience URI (SP Entity ID): WellnessCoach

Default Relay State: Obtain from Wellness Coach Admin Portal

Name ID Format: EmailAddress

Application Username: Okta username

SCIM 2.0 Base URL: https://ed.wellnesscoach.live/scim

SCIM Unique Identifier: email

SCIM Authorization Token: Obtain from Wellness Coach Admin Portal

Wellness Coach Portal: https://portal.wellnesscoach.live/

Don't have Portal access? Email CustomerSuccess@wellnesscoach.live to get access to the Portal.


Step 1: Create App Integration

Go to Okta Admin Console, click Applications, then Create App Integration.


Step 2: Select SAML 2.0

Choose SAML 2.0 as the sign-in method and click Next.

Step 3: Configure App Settings

Enter 'Wellness Coach' as the app name, upload the logo, and click Next.

Step 4: Configure SAML Settings

Enter the Single Sign-On URL, Audience URI, Default Relay State, and configure Name ID format.

Single Sign-on URL: https://api.meditation.live/auth/sso/callback

Audience URI (SP Entity ID): WellnessCoach

Default Relay State: [Get from https://portal.wellnesscoach.live/enterprises/config/sso-scim]

 

Step 5: Configure Attributes

On the Sign On tab, scroll to Attribute Statements, click Show Legacy Configuration, and click Edit.

 

Step 6: Attribute Statements

Map firstName, lastName, and email attributes from Okta user profile.

 

Step 7: Complete Setup

Click Save or Next, review the settings, and click Finish to create the integration.

Step 8: Copy Metadata URL

On the Sign On tab, copy the metadata URL for Wellness Coach configuration in the Portal.

 

Step 9: Configure Wellness Coach Portal

Enable SSO in the Wellness Coach Admin Portal, enter the IdP metadata link, and click fetch to prefill the values, then save.

Alternatively, you can upload the IdP metadata XML file to prefill the values, then save.


Step 10: Configure Wellness Coach Portal

If the upload or fetch from URL does not work, copy the three required parameters from the “View SAML Setup Instructions” link in Okta (see Step 8), fill them in manually, and then click Save SSO Configuration.
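
The SAML settings from Steps 4 to 6 can be checked against an assertion captured during a test login. The Python below is an added example, not Wellness Coach or Okta code; it assumes the attribute names firstName, lastName and email from Step 6 are sent verbatim, and it runs on a constructed, unsigned sample that deliberately has two mismatches.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values from this guide; the attribute names are assumed to match Step 6 verbatim.
AUDIENCE = "WellnessCoach"
ACS_URL = "https://api.meditation.live/auth/sso/callback"
NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ATTRIBUTES = {"firstName", "lastName", "email"}

# Constructed sample (unsigned, trimmed); the user and values are made up.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData Recipient="https://api.meditation.live/auth/sso/callback"/>
  </saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>WellnessCoach</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text):
    """List mismatches between an assertion and the guide's SAML settings.
    Configuration check only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_EMAIL:
        problems.append("NameID Format is not EmailAddress")
    confirm = root.find(".//saml:SubjectConfirmationData", NS)
    if confirm is None or confirm.get("Recipient") != ACS_URL:
        problems.append("Recipient differs from the Single Sign-On URL")
    audiences = {(a.text or "").strip() for a in root.findall(".//saml:Audience", NS)}
    if AUDIENCE not in audiences:
        problems.append("Audience differs from the SP Entity ID")
    sent = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    problems += ["missing attribute: " + n for n in sorted(ATTRIBUTES - sent)]
    return problems


if __name__ == "__main__":
    for problem in check_assertion(SAMPLE):
        print("MISMATCH:", problem)
```

The Audience comparison is exact and case-sensitive, so an Audience URI typed as wellnesscoach in Step 4 is reported as a mismatch.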

PART 2 - Okta SCIM Setup

Step 1: Enable SCIM

Navigate to the General tab -> Click Edit -> Select SCIM -> Click Save.

 

Step 2: Configure SCIM Settings

Navigate to the Provisioning tab -> Integration -> Edit

Enter the SCIM 2.0 Base URL, unique identifier, and authorization token.

Select HTTP Header for Authentication Mode

SCIM Connector base URL: https://ed.wellnesscoach.live/scim

Authorization Token: [Get from https://portal.wellnesscoach.live/enterprises/config/employee-verification-template#scim-config]

Step 3: Enable Provisioning
 
Navigate to Provisioning -> To App. Enable Create Users, Update User Attributes, and Deactivate Users, then click Save.
 
Step 4: Assign People or Groups
 
Assign People or Groups from the respective tabs. For Groups, assign the Wellness Coach app to the appropriate group.
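
Once provisioning is live, the Deactivate Users setting from Step 3 can be verified by comparing app-side accounts with Okta assignments, matching on email as the SCIM unique identifier. The Python below is an added example, not Wellness Coach or Okta code; it assumes you have a standard SCIM 2.0 ListResponse for the app's users and an export of assigned users from Okta, and both inputs here are constructed.

```python
# Constructed SCIM 2.0 ListResponse (RFC 7644 shape); all users are made up.
SCIM_USERS = {
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 4,
    "Resources": [
        {"id": "1", "userName": "ana@example.com", "active": True},
        {"id": "2", "userName": "Ben@Example.com", "active": True},
        {"id": "3", "userName": "cy@example.com", "active": True},
        {"id": "4", "userName": "dee@example.com", "active": False},
    ],
}
# Constructed list of users currently assigned to the app in Okta.
OKTA_ASSIGNED = ["ana@example.com", "ben@example.com", "eli@example.com"]


def user_email(resource):
    """Identifier used for matching: primary emails[] value, else userName."""
    for entry in resource.get("emails", []):
        if entry.get("primary") and entry.get("value"):
            return entry["value"].strip().lower()
    return resource.get("userName", "").strip().lower()


def audit(list_response, assigned):
    """Compare app-side accounts with Okta assignments, matching on email."""
    resources = list_response.get("Resources", [])
    if list_response.get("totalResults", len(resources)) > len(resources):
        raise ValueError("partial page: fetch every page before auditing")
    wanted = {e.strip().lower() for e in assigned}
    active = {user_email(r) for r in resources if r.get("active", True)}
    return {
        # Still active in the app although no longer assigned in Okta.
        "orphaned": sorted(active - wanted),
        # Assigned in Okta but absent or inactive in the app.
        "not_provisioned": sorted(wanted - active),
    }


if __name__ == "__main__":
    print(audit(SCIM_USERS, OKTA_ASSIGNED))
```

An entry under orphaned is an account that survived unassignment and should be investigated first; the audit refuses to run on a truncated page so that a partial listing cannot hide one.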
 

SSO & SCIM Overview 

Background information on Single Sign-On and SCIM

What is Single Sign-On (SSO)? 

SSO allows users to authenticate once and gain access to multiple applications without re-entering credentials. 

Instead of maintaining separate usernames and passwords for each app, employees log in once through an Identity Provider (IdP) like Microsoft Entra ID and get automatic access to all connected services.

How SSO Works

  1. User visits Wellness Coach

  2. Redirected to Azure AD (IdP)

  3. User authenticates once

  4. Azure sends SAML assertion

  5. Access granted automatically

SSO Authentication Flow: Wellness Coach supports both IdP-Initiated and SP-Initiated SSO

IdP-Initiated Login

  1. Employee logs into Okta Dashboard

  2. Clicks the Wellness Coach icon

  3. SAML request sent from Okta

  4. Automatically signed into Wellness Coach

SP-Initiated Login

  1. Employee opens Wellness Coach app

  2. Redirected to Okta login page

  3. Employee authenticates with Okta

  4. Redirected back, access granted

Why SSO with Wellness Coach?

  • Single Sign-On: Access Wellness Coach with one set of login credentials from any device or application, whether cloud or on-premise.

  • Employee Access Management: New hires automatically get access on their start date. Terminated employees' access is revoked on their last day.

  • Fraud Prevention: Azure AD's Conditional Access policies detect and block fraud in real-time using Device ID, Location, and risk-based authentication.

  • Seamless Experience: Employees enjoy frictionless access to wellness resources without managing multiple passwords or separate logins.

What is SCIM? System for Cross-domain Identity Management

SCIM is an open standard that automates user provisioning and de-provisioning across cloud applications.

With SCIM, your Active Directory stays in sync with Wellness Coach. When an employee joins your organization, their Wellness Coach account is created automatically. When they leave, access is revoked instantly.

Auto-Provisioning: New employees get access automatically

Real-Time Sync: Directory changes reflect instantly

Auto-Deprovisioning: Access revoked on termination