Quickture uses OpenID Connect (OIDC) for single sign-on authentication and SCIM 2.0 for user provisioning. This integration enables you to:
- Allow users to sign in to Quickture using their Okta credentials
- Automatically provision and deprovision user accounts in Quickture
- Manage user access to Quickture from your Okta admin console
Before you begin, ensure you have:
- An Okta administrator account
- An Enterprise Quickture license. Sign up or contact support@quickture.com to get started.
- An Admin user for your Quickture account
- An OIDC connection with Quickture, covered in the Okta SSO Configuration Guide
The SSO Setup Wizard in the Quickture Dashboard is designed to help you configure both SSO and SCIM in a single step-by-step flow. Sign in as the Quickture Admin user to get started. This SCIM Configuration Guide contains greater detail about SCIM; however, the SSO Configuration Guide or the Setup Wizard is sufficient for most setups.
This guide starts at the SCIM step of the SSO Setup Wizard.
- Create users
- Update user attributes
- Deactivate users
- Import users
With your Okta administrator account open in one browser tab, and your Quickture administrator account open in another tab, after setting up the Client ID and Secret for OIDC, a SCIM Bearer Token will be made available to copy. For security, this is the only time it will be shown in the Quickture Dashboard. Note that you may generate a new token at any time (see Maintenance below).
1. Click on the Provisioning tab of your Okta Quickture App.
2. Click Integration in the sidebar (near "To App" and "To Okta" links).
3. Click Edit in the Integration section.
4. Check Enable API integration.
5. Paste the SCIM Bearer Token from the Quickture Dashboard into the API Token field.
6. Click Test API Credentials to verify the connection.
7. Click Save to complete the setup.
8. Click Complete Setup in the Quickture dashboard.
1. In the Quickture application in Okta, go to the Assignments tab.
2. Click Assign and select Assign to People or Assign to Groups.
3. Search for and select the users you want to grant access to Quickture.
4. Click Assign for each user.
5. Click Done.
The assigned users should now be able to log in to the Quickture Dashboard and to the Quickture Panel in Avid or Premiere. The Dashboard is where they may download the latest versions of the Avid and Premiere integrations.
Once SSO is set up, users will log in to the Quickture panel in Avid or Premiere using their Okta credentials:
1. Users click Sign In in the panel.
2. They will be redirected to a Quickture login page in a web browser.
3. After entering their email address, they will be redirected to Okta if they are not already logged in.
4. Upon successful Okta login, they may close the browser.
5. They will then be able to use the panel in Avid / Premiere.
At this time, there is no default expiration for SCIM bearer tokens. However, at any time you may rotate the token:
1. Navigate to the SSO Management page in the Quickture Dashboard.
2. Find your Okta connection and click Manage.
3. Click Generate New Token under the list of current SCIM tokens.
4. You will be presented with a hidden token and a button to copy it to the clipboard. This particular token will only be available this one time, so you must copy it before closing the window.
5. In another browser tab, open your Okta Admin Console.
6. Navigate to the Quickture application.
7. Go to the Provisioning tab.
8. Click Integration in the left sidebar.
9. Paste the new token in the API Token field.
10. Click Test Connection.
11. If successful, click Save.
You may have up to 2 tokens at any given time. If you want to generate another, you must delete one of your previous tokens.
It is also possible to delete a connection in the SSO Management page. If you delete and create a new connection, you will need to un-assign and re-assign your users to the app in Okta in order for them to regain access.
Okta Attribute | SCIM Attribute | Required |
login | userName | Yes |
Yes | ||
firstName | givenName | Yes |
lastName | familyName | Yes |
displayName | displayName | No |
locale | locale | No |
organization | organization | No |
department | department | No |
If you wish to make use of additional attributes, contact support@quickture.com.
These mappings are not needed and may cause PUT operation failures:
Primary email type
Primary phone type
Address type
Redirect URI: https://auth.quickture.com/login/callback
Initiate login URI: https://dashboard.quickture.com/startlogin
Create Users
Update User Attributes
Deactivate Users
If you encounter issues with your integration, verify the following:
The user is assigned to the application in Okta.
The user is entering the email address associated with their Okta user for Quickture sign-in.
The domain in the user’s email address is associated with your organization and matches an email domain from Step 1 of the SSO Configuration Guide.
The SCIM Bearer Token is valid and has not expired
On the General tab of the Okta Admin page for the app, the Connection ID matches the value found on the Quickture SSO Management page.
The Client ID and Client Secret have been properly set in the Quickture SSO Management page
The Login URIs are correctly configured
User User Attribute Mappings are correct
The Create, Update User Attributes, and Deactivate Users checkboxes are enabled in the To App section of the Provisioning tab.
Note: If at any time, you delete your connection to Okta in the Quickture SSO Management page and create a new connection, you will need to un-assign and re-assign your users to the app in order for them to regain access.
Quickture Help: https://help.quickture.com
Okta SCIM Documentation: https://developer.okta.com/docs/reference/scim/
Quickture Discord: https://discord.gg/Xw5nqxbn
Quickture email support: support@quickture.com
