- 03 Feb 2023
Whatfix Single Sign On
- Updated On 03 Feb 2023
Whatfix supports login with Single Sign-On (SSO). SSO is an authentication process that enables users to access multiple applications with one set of login credentials.
How does SSO work in Whatfix?
- SSO-enabled enterprises have the following login screen,
- When you click Sign In with SSO, you are redirected to the configured Identity Provider.
- Once you enter your identity provider credentials, they are verified and you are then redirected to the Whatfix account.
Identity Providers supported by Whatfix
An Identity Provider (IdP) is an authority system that holds and verifies the user authentication information. Whatfix interacts with your IdP and trusts the information provided by the IdP to gain access to the application. Whatfix supports popular identity providers such as the following:
- Okta
- PingFederate
- Azure Active Directory
Any identity provider compliant with SAML 2.0 works with Whatfix SSO.
Where is the SSO login available?
You can log in with SSO on the Whatfix homepage,
Requirements to enable SSO on your account
The following information has to be exchanged with Whatfix.
| Information | Detail | Example |
|---|---|---|
| The organization provides this information | Enterprise Name* | XYZ corp |
| | IdP EntityId* | https://app.onelogin.com/saml/metadata/905b5aec-defd-4f7a-a910-dae67c220cbe |
| | IdP SSO Service URL* | https://ddash.onelogin.com/trust/saml2/http-post/sso/884595 |
| | X509 certificate* | |
| | SAML identity location* (If the NameID is not available, you can provide the attribute element instead) | `<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>` OR `<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="User.email">` |
| Whatfix provides this information | Identifier | whatfix |
| | ACS URL* | https://whatfix.com/saml_auth/?service=samlFromIdp |
| | Sign-on URL* | https://whatfix.com/xyz-test (If you face any issues while adding the mentioned Sign-on URL, you can also add the ACS URL (https://whatfix.com/saml_auth/?service=samlFromIdp) in place of the Sign-on URL. The following image shows how the ACS URL is added in place of the Sign-On URL in Okta.) |
| | Relay state* | https%3A%2F%2Fwhatfix.com%2Fxyz-test%2F@d5f2f450-94b9-11e8-8f2f-04013d24cd02 |
| | Relay state* (EU Dashboard) | https%3A%2F%2Feu.whatfix.com%2Fxyz-test%2F@d5f2f450-94b9-11e8-8f2f-04013d24cd02 |
* The value of each detail varies for every organization. For more details, contact support@whatfix.com.
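As an added example (not Whatfix's own code), the Python below reads the organization-side values in the table from an IdP metadata document and computes a SHA-256 fingerprint of the signing certificate, so both sides can confirm out of band that the same certificate was exchanged. The metadata is constructed from the example values above, the certificate body is placeholder bytes, and the function name and the checks it applies are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample metadata; the certificate body is placeholder bytes, not a real certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://app.onelogin.com/saml/metadata/905b5aec-defd-4f7a-a910-dae67c220cbe">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>{EMAIL_NAMEID}</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://ddash.onelogin.com/trust/saml2/http-post/sso/884595"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def extract_idp_details(metadata_xml):
    """Return (details, problems) for the IdP rows of the table above."""
    root = ET.fromstring(metadata_xml)  # only parse metadata exported from your own IdP
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso_urls = {s.get("Binding"): s.get("Location")
                for s in idp.findall("md:SingleSignOnService", NS)}
    # Signing certificates only: KeyDescriptor with use="signing" or no use attribute.
    certs = [c.text for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
             if c.text and c.text.strip()]
    formats = [f.text.strip() for f in idp.findall("md:NameIDFormat", NS) if f.text]
    problems = []
    if not sso_urls or any(not (u or "").startswith("https://") for u in sso_urls.values()):
        problems.append("SSO Service URL missing or not HTTPS")
    if not certs:
        problems.append("no X509 signing certificate")
    if EMAIL_NAMEID not in formats:
        problems.append("emailAddress NameID not offered: name an attribute instead")
    # SHA-256 over the DER bytes; compare it out of band with the receiving side.
    der = base64.b64decode("".join(certs[0].split())) if certs else None
    return {"entity_id": root.get("entityID"), "sso_urls": sso_urls,
            "cert_sha256": hashlib.sha256(der).hexdigest() if der else None,
            "nameid_formats": formats}, problems
```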
- SSO users can't see the Change Password option in the admin menu. Any password changes need to be performed at the Identity Provider level.
- Every time a user clicks Sign In with SSO, they are redirected to their Identity Provider's login page.
- Currently, Whatfix does not support SLO (Single Log Out). When a user signs out of a Whatfix account, it does not log them out of the IdP.
- The user has to provide configuration parameters for Whatfix to establish an interface with their identity provider.
If a user has access to more than one enterprise (ENT) and logs into any one of them using SSO, they are automatically logged into all the other SSO-enabled ENTs that they have access to. Thus, they can switch between enterprises from their Whatfix Dashboard.
Enable Single Sign-On
To enable SSO for your Whatfix account, contact support@whatfix.com.