Enable Okta Universal Logout for ScribbleMaps

Who can use this feature

• Okta Admins
• Supported via the Okta Admin dashboard

Overview

As an Okta Admin, you can leverage Okta's Universal Logout feature to trigger logout from Okta and extend it to ScribbleMaps. Because ScribbleMaps is included in the Okta Integration Network (OIN) app catalog, you only need to enable it through the Okta dashboard.

Universal Logout is supported by default in ScribbleMaps for any team with SSO (SAML or OIDC) configured. No additional configuration is required within ScribbleMaps.

When Okta detects an identity threat or an admin initiates a logout, Okta sends a server-to-server request to ScribbleMaps to immediately revoke all active sessions for the affected user. This operates entirely outside the context of the user's browser, ensuring sessions are terminated even if the user is not actively using the application.

Requirements

• A ScribbleMaps Team workspace with SSO (SAML or OIDC) configured
• An Okta tenant
• An Okta user account with Admin privileges

Enable Universal Logout in Okta

1. Log into the Okta Admin Console.
2. Select Applications > Applications from the left navigation.
3. Select the ScribbleMaps app integration.
4. Go to the Authentication tab.
5. In the Logout section, click Edit.
6. Check the Okta system or admin initiates logout checkbox.
7. Click Save.

How it works

When Universal Logout is triggered from Okta (for example, due to a detected security threat or an admin-initiated action):

1. Okta sends a signed JWT (Security Event Token) to the ScribbleMaps Universal Logout endpoint.
2. ScribbleMaps validates the JWT signature using Okta's JSON Web Key Set (JWKS).
3. ScribbleMaps identifies the affected user by their email address.
4. All active sessions for that user are immediately revoked across all platforms (desktop, mobile, and lite).
5. The user is required to re-authenticate on their next access attempt.

Technical details

Troubleshooting