Fullcast SSO Express Configuration for Okta Customers
Fullcast allows users to login via Okta as Single Sign-On (SSO) using Express Configuration. This document details how to configure SSO for your organization.
Prerequisites
In order to proceed with configuring login with SSO through Okta, you must:
Have access to an Okta tenant
Be an Okta administrator to that tenant
Have a Fullcast production tenant with admin access
Supported Features
Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the application from Fullcast.
Just-In-Time (JIT) Provisioning - Users are automatically created on their first login if your enterprise license has available seats. Email and name attributes are provisioned.
Note: Users creation is automatically created via JIT provisioning or by administrator in Fullcast application. Authorization to Fullcast is managed by your Fullcast tenant admin by setting up role based permissions.
Configuration Steps
Request a Fullcast access https://www.fullcast.com/plans-and-pricing
Receive Credentials from Fullcast
Add Fullcast Application in Okta
In Okta, go to Applications → Browse App Catalog
Search for Fullcast and click Add Integration
Click Done
Express Configure SSO
On the newly created Fullcast application, click the Sign On tab
Click Express Configure & Universal UL
Enter the organization name provided by Fullcast
When prompted for credentials, enter the admin email and temporary password provided by Fullcast
On the next screen, approve the connection with Fullcast to complete the setup
Notify Fullcast
Send an email to customersupport@fullcast.com to confirm that you have completed the Express Configuration setup.Fullcast support will then:
Enable home realm discovery for your domain
Enable application access so your users can log in
Note: Wait for confirmation from Fullcast before proceeding to the next step.
Assign Users and Test
Once Fullcast has confirmed the setup is complete:
Assign the admin account to the Fullcast application in Okta
Assign any other users or groups that should have access to Fullcast
Test the login flow by navigating to app.fullcast.io and logging in with the admin account
You should be automatically redirected to your Okta SSO login
Confirm Completion
Tip: Since only SP-initiated flow is supported, Okta recommends hiding the app icon for users to avoid confusion.
SP-Initiated SSO (Logging Into Fullcast Using Okta)
The sign-in process is initiated from Fullcast.
1 From your browser, navigate to app.fullcast.io
2 Click the Log In button
3 Enter your enterprise email address
4 You will be automatically prompted to authenticate with Okta
5 Enter your Okta credentials (email and password) and sign in
6 If your credentials are valid, you are redirected to the Fullcast dashboard.
Universal Logout
When Universal Logout is enabled, Okta can terminate user sessions across all applications when:
An administrator initiates a logout from the Okta Admin Console
The Okta system detects risk and terminates sessions for security
This ensures that when a user is logged out of Okta, they are also logged out of Fullcast.
Note: The access token lifetime is 24 hours.
Just-In-Time (JIT) Provisioning
With JIT provisioning enabled, users are automatically created in Fullcast when they first sign in via Okta.
How it works:
When a user authenticates via Okta for the first time, Fullcast checks if your tenant is available for user creation
A new user account is automatically created with the username and name from Okta
The user is granted access to Fullcast by admin
Info: Role assignment is managed separately within Fullcast and is not currently mapped from Okta attributes.
If you encounter any issues during configuration or login, please contact Fullcast support at customersupport@fullcast.com