Top
Whatfix Mobile Single Sign On
  • 11 Oct 2024
  • 2 Minutes To Read
  • Dark
    Light
  • PDF

Whatfix Mobile Single Sign On

  • Dark
    Light
  • PDF

Article summary

Whatfix supports login with Single Sign-On (SSO). SSO is an authentication process that enables users to access multiple applications with one set of login credentials.

Your title goes here

To enable SSO for your Whatfix account, contact support@whatfix.com.

How does SSO work in Whatfix?

  1. Click Sign In with SSO on your login screen.

  2. In the SSO Sign in screen, enter your email address and then click Sign In.

  3. On the Identity Provider screen that opens, enter your authentication information.

    id_verification_screen.png

Your title goes here

Once you enter the credentials of the Identity Provider, it is verified and you are then redirected to the Whatfix account

Identity Providers supported by Whatfix

An Identity Provider (IdP) is an authority system that holds and verifies the user authentication information. Whatfix interacts with your IdP and trusts the information provided by the IdP to gain access to the application. Whatfix supports the following identity providers:

  • Okta

  • PingFederate

  • Azure Active Directory

Any identity provider compliant with SAML 2.0 works with Whatfix SSO.


Requirements to enable SSO on your account

The following information has to be exchanged with Whatfix.

Information

Detail

Example

The organization provides this information

Enterprise Name*

XYZ corp

IdP EntityId*

https://app.onelogin.com/saml/metadata/905b5aec-defd-4f7a-a910-dae67c220cbe

IdP SSO Service URL*

https://ddash.onelogin.com/trust/saml2/http-post/sso/884595

X509 certificate*

SAML identity location*


(If the NameID is not available, you can provide the attribute element instead)

urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

OR

Whatfix provides this information

Identifier/Audience URI/Entity ID

whatfix

ACS URL* (US)

https://whatfix.com/saml_auth/?service=samlFromIdp

ACS URL* (India)

https://whatfix.com/saml_auth/?service=samlFromIdp

ACS URL* (EU Dashboard)

https://eu.whatfix.com/saml_auth/?service=samlFromIdp

Sign-on URL*

US: https://leap-eus.whatfix.com/sso-login

India: https://leap-in.whatfix.com/sso-login

EU: https://leap-eu.whatfix.com/sso-login

Your title goes here

  • If you face any issues while adding the mentioned Sign-on URL, you can also add the ACS URL (https://whatfix.com/saml_auth/?service=samlFromIdp) in place of the Sign-on URL.

  • For example, in Okta, the ACS URL can added in place of the Sign-on URL.
    sign_on_url

Relay state*

Relay State is dynamic and will be different for every organization. Contact your Whatfix representative to get your Relay State.


Relay state* (EU Dashboard)

Relay State is dynamic and will be different for every organization. Contact your Whatfix representative to get your Relay State.

* The value of each detail varies for every organization. For more details, contact support@whatfix.com.

Your title goes here

  • Logging in via IdP is not supported when you have multiple accounts or ENTs. This is because the Sign-On URL is different for each account, or ENT.

  • You cannot configure both non-EU and EU Whatfix accounts simultaneously via SSO login since the ACS URL domain is different for non-EU and EU accounts.

Your title goes here

  • SSO users can't see the Forgot Password option in the admin menu. All password changes need to be performed at the Identity Provider level.

  • Every time a user clicks Sign In with SSO, they are redirected to their Identity Provider's login page.

  • Currently, Whatfix does not support SLO (Single Log Out). When a user signs out of a Whatfix account, it does not log them out of the IdP.

  • The user has to provide configuration parameters for Whatfix to establish an interface with their identity provider.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.