
Install Wellness Coach SSO & SCIM App

The Wellness Coach app is available as a pre-configured integration in both the Okta Integration Network (OIN) and Microsoft Entra ID (Azure AD) App Gallery. With the pre-configured app, your IT team can set up SSO and automated user provisioning in approximately 10-15 minutes.

After setup, your employees can sign in to Wellness Coach using their corporate credentials, and user accounts are automatically created, updated, and deactivated based on your identity provider (IdP) assignments.


What You Will Need

Item | Where to Get It
Relay State | Wellness Coach Admin Portal > Advanced > SSO configuration
SCIM Bearer Token | Wellness Coach Admin Portal > Advanced > Provisioning > SCIM
Admin access to Okta or Azure | Your organization's IdP admin console

Note: Contact your Wellness Coach account manager if you do not see the SSO or SCIM settings in your admin portal.


Step 1: Get Your SSO & SCIM Values from Wellness Coach

Before setting up the app in Okta or Azure, you need to get your configuration values from the Wellness Coach Admin Portal.

  1. Sign in to the Wellness Coach Admin Portal as an enterprise administrator.
  2. Navigate to Advanced > SSO Configuration.
  3. Note the following values displayed on the sidebar:
Parameter | Description
Single Sign-On URL (ACS URL) | The URL your IdP sends SAML responses to (pre-filled in catalog apps)
Audience URI (Entity ID) | The SAML Entity ID - typically "WellnessCoach" (pre-filled in catalog apps)
Default Relay State | Your unique enterprise identifier - you must enter this in Okta/Azure

Note: Copy the Relay State value. You will paste this into Okta or Azure in the next step.


Step 2: Get Your SCIM Token

  1. Still in the Admin Portal, navigate to Settings > SCIM Configuration (or the SCIM tab on the same page).
  2. If SCIM is not enabled, toggle it to Yes and click Save.
  3. Click Generate Token to create a new SCIM bearer token.
  4. Copy the token immediately — it is only shown once.

The sidebar also shows the SCIM Base URL, which is pre-configured in catalog apps.

Tip: Store the SCIM token securely. If you lose it, you can generate a new one, but the old token will be invalidated.


Step 3: Install the App in Your Identity Provider

Follow the guide for your IdP:

After completing the IdP setup, return here for Step 4.


Step 4: Upload IdP Metadata to Wellness Coach

After you configure the app in Okta or Azure, you need to upload the IdP metadata so that Wellness Coach can validate SAML responses from your identity provider.

Where to find the IdP metadata

  • Okta: Go to the Wellness Coach app > Sign On tab > scroll to SAML Signing Certificates > click Actions > View IdP metadata. Copy the metadata URL or download the XML.
  • Azure: Go to the Wellness Coach app > Single sign-on > scroll to Section 3 (SAML Certificates) > click Download next to "Federation Metadata XML", or copy the "App Federation Metadata Url".

Upload to Wellness Coach

  1. Go to Wellness Coach Admin Portal > Advanced > SSO Configuration.
  2. Toggle SSO to Yes (if not already enabled).
  3. Upload the IdP metadata using one of three methods:
    • Upload XML File: Click "Choose XML File" and select the metadata XML you downloaded from your IdP.
    • Fetch from URL: Paste the IdP metadata URL and click Fetch.
    • Manual Entry: Copy and paste the SSO URL, Entity ID, and X.509 Certificate individually from your IdP.
  4. The SSO fields (Single Sign-On URL, Identity Provider Issuer, and Certificate) will be auto-populated.
  5. Click Save to complete the SSO configuration.

Note: The recommended method is "Upload XML File" or "Fetch from URL" as they automatically populate all required fields and reduce the chance of errors.

Important: SSO will not work until this step is completed. This step establishes the trust relationship between your IdP and Wellness Coach.


Troubleshooting

SSO Errors

Symptom | Likely Cause | Fix
Error page after clicking app tile | Relay State not set | Enter your corporate_id in the Relay State field
"Corporate SSO was not found" | Wrong Relay State value | Verify the corporate_id from WC Admin Portal > SSO Settings
"Email mismatch" error | IdP email differs from WC account | Ensure NameID maps to the same email domain registered in WC
Redirect loop | ACS URL misconfigured | Do not modify the pre-configured ACS URL
Certificate error | IdP cert expired or changed | Re-download certificate from your IdP and update WC SSO config
SSO not working after IdP setup | IdP metadata not uploaded to WC | Upload IdP metadata XML to WC Admin Portal (see Step 4 above)

SCIM / Provisioning Errors

Symptom | Likely Cause | Fix
"Test API Credentials" fails (Okta) or "Test Connection" fails (Azure) | Wrong token or URL | Regenerate the SCIM token in WC Admin Portal and paste again
Users not appearing in Wellness Coach | Provisioning not started or user not assigned | Verify provisioning is enabled/on and user is assigned to the app
User created but cannot log in via SSO | SSO not configured or wrong Relay State | Complete the SSO configuration with correct Relay State
SCIM token expired | Token has a 1-year expiry | Generate a new token in WC Admin Portal > SCIM Settings
Azure provisioning stuck in "initial cycle" | Large user set or rate limiting | Wait for the cycle to complete (can take hours for 1000+ users)

Where to Get Your Relay State and SCIM Token

Both values are available in the Wellness Coach Admin Portal:

  1. Sign in to the Wellness Coach Admin Portal as an enterprise administrator.
  2. Navigate to Advanced > SSO Configuration.
  3. Your Relay State is displayed on this page.
  4. Navigate to Advanced > Provisioning > SCIM.
  5. Click Generate Token to create a new SCIM bearer token.

Note: If you do not see these settings, contact your Wellness Coach account manager to enable enterprise SSO for your organization.


Support

If you encounter issues that are not covered in the troubleshooting section above, contact Wellness Coach support: