Set up Single Sign On

Step 1: Access SSO Configuration

1. On the Whatfix Guidance dashboard, click Settings.

   

2. Under Setup, click SSO and authentication.

   

3. On the Set up SSO section, click Start.

Note:

Here’s what you can do once SSO is enabled on the Whatfix Guidance dashboard:

• Dashboard authentication: Enhance Whatfix dashboard security by controlling who has access.

• End-user authentication: Ensure secure and accurate end-user identification.

• Additional user attribute addition: Capture end-user attributes to perform role-based segmentation.

The Whatfix Single Sign-on page displays the following stages:

• Whatfix information

• Identity provider information

• Test and enable

Step 2: Add Whatfix information

1. Under the Whatfix information step, copy the following details from the dashboard using the copy icon and paste them into your Identity provider:

The following table describes the Whatfix information on the dashboard:

b. Click Continue.

Step 3: Add Identity provider information

1. Choose how you want to share your identity provider configuration with Whatfix, using any of the following methods:

   

• Option 1 - Upload XML file: Upload your SAML metadata XML file to extract details automatically. The XML file can be fetched from your IdP.

  

• Option 2 – Enter manually: Manually enter the following fields:

  

  The following table describes the information that you need to enter manually:

  Manual Data	Description
  Identity provider	Your identity provider is the service that manages logins and passwords for your users.
  Issuer	Issuer is similar to the unique “digital ID card” for your company’s login system (where you prove who you are).
  Single Sign-on URL	The Single Sign-on URL is the web address where the Identity Provider handles requests to verify who you are for single sign-on.
  X509 Certificate	An X509 certificate is a digital ID that proves a website or person is genuine and helps secure online communication.
  SAML Identity Location	SAML identity location tells the system where to find your unique user ID within the digital login message.

  b. Click Continue.  

Step 4: Perform Test and enable

1. Under Test your single sign-on setup, click Run test to simulate and verify your SSO connection.

   

You are redirected to your identity provider’s sign-in page (for example, Okta). Once the test is completed, you can see the message Test successful.  

2. Enable the Dashboard authentication toggle to activate the SSO login for admins and content authors.

3. In the dialog box, click Confirm.

   

4. Once the authentication is done, click Save.

Info:

• You cannot configure both US and EU Whatfix accounts simultaneously via the same SSO configuration since the ACS URL domain is different for both US and EU accounts.

• SSO users cannot view the Change Password option in the admin menu. You must perform any changes at the Identity Provider level.

• Currently, Whatfix does not support SLO (Single Log Out). When a user signs out of a Whatfix account, it does not log them out of the IdP.

• If a user has access to more than one enterprise (ENT) and logs into any one of them using SSO, they are automatically logged into all the other ENTs that have the same SSO configurations. Thus, they can switch between enterprises from their Whatfix Dashboard.

• Once you complete dashboard authentication, you can set up the end-user authentication process. For more information, see how to set up end-user authentication.

  

The following information is exchanged with Whatfix to enable SSO for your account:

* The value of each detail varies for every organization. For more details, contact support@whatfix.com.

If you have deployed Whatfix content on your application, the End-user authentication feature prompts your end users to authenticate themselves with valid credentials using your organization’s Single Sign-on (SSO). For more information, see Set up End-User Authentication.