- Resistant AI-managed accounts (Okta-managed)
- Federated SSO via your Identity Provider (SAML 2.0 or OIDC)
Web UI authentication is for human users in the UI and is separate from Documents API authentication.
How to choose
- Choose Okta-managed for the fastest setup, smaller teams, PoCs, or when you don’t require federated identity.
- Choose Federated SSO if you need enterprise governance (MFA, conditional access, automated offboarding, auditability).
Option 1 — Resistant AI-managed accounts (Okta-managed)
This is the simplest setup when you want Resistant AI to manage user accounts directly. How it works- Resistant AI provisions user accounts for your tenant
- Users complete an invitation/activation flow
- Users sign in via Resistant AI’s Okta tenant
- Smaller teams
- PoCs and early-stage deployments
- Customers without a strong preference for federated identity
- List of users to provision (business email + name)
- Which stage(s): Testing and/or Production
- Desired role level (read-only vs read-write)
Option 2 — Federated SSO (recommended for enterprise)
Federated SSO allows users to authenticate with your existing corporate IdP and policies. Supported standards- SAML 2.0 (most common for enterprise)
- OIDC (where applicable)
- Enterprise IAM governance
- Centralized MFA and conditional access
- Automated joiner/mover/leaver processes
- IdP metadata / configuration details required for setup
- Attribute mapping (at minimum: email, first name, last name)
- Optional: role assignment mapping rules (e.g., read-only vs read-write)
Roles (high level)
- Read-only: view results
- Read-write: submit documents and view results
Testing environment caveat
Testing and production are separate environments.- Users must be assigned/provisioned for the testing tenant/app specifically
- Federated SSO is typically configured separately for testing vs production tenants