Top
Whatfix Single Sign On
  • 24 Mar 2022
  • 1 Minute To Read
  • Dark
    Light
  • PDF

Whatfix Single Sign On

  • Dark
    Light
  • PDF

Whatfix supports login with Single sign-on (SSO). It is an authentication process that enables users to access multiple applications with one set of login credentials.

your title goes here
To enable SSO for your Whatfix account, contact [email protected].

How does SSO work in Whatfix?

  1. SSO enabled enterprises have the following login screen.
    whatfix_website_login_sso
  2. When the LOGIN WITH SSO button is clicked, the user is redirected to the configured identity provider.
  3. Once you enter the credentials of the identity provider, it gets verified and is redirected to the Whatfix account.
    id_verification_screen.png


Identity Providers supported by Whatfix

Identity Provider (IdP) is the authority system that holds and verifies the user authentication information. Whatfix interacts with your IdP and trusts the information provided by the IdP to gain access to the application. Whatfix supports popular identity providers like the following,

  • Okta
  • PingFederate
  • Azure Active Directory

Any identity provider compliant with SAML 2.0, works with Whatfix SSO.


Where is the SSO login available?

You can login with SSO in the following two places.

  • On the Whatfix homepage
    whatfix_website_login_sso
  • On the Whatfix Editor
    login_sso_editor.png

Requirements to enable SSO on your account

The following information has to be exchanged with Whatfix.

InformationDetailExample



Organization provides this information

Enterprise Name*XYZ corp
IdP EntityId*https://app.onelogin.com/saml/metadata/905b5aec-defd-4f7a-a910-dae67c220cbe
IdP SSO Service URL*https://ddash.onelogin.com/trust/saml2/http-post/sso/884595
X509 certificate*

SAML identity location*
(If the NameID is not available, you can provide the attribute element instead)

<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>

OR

<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="User.email"> 



Whatfix provides this information

Identifierwhatfix
ACS URL*https://whatfix.com/saml_auth/?service=samlFromIdp
Sign-on URL*https://whatfix.com/xyz-test
Relay state*https%3A%2F%2Fwww.whatfix.com%2Fxyz-test%[email protected]d5f2f450-94b9-11e8-8f2f-04013d24cd02

* The value for each detail varies for each organization. For more details, contact  [email protected]

Note
  • SSO users can't see the Change Password option in the admin menu. Any password changes need to be performed at the identity provider level.
  • Every time user clicks on LOGIN WITH SSO, they are redirected to their identity provider's login page.
  • We currently do not support SLO (Single Log Out). When a user signs out of a Whatfix account, it does not log them out of the IdP.
  • The user has to provide configuration parameters for Whatfix to be able to establish an interface with their identity provider.

Was This Article Helpful?


First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.