Top
Whatfix Single Sign On
  • 16 Sep 2022
  • 1 Minute To Read
  • Dark
    Light
  • PDF

Whatfix Single Sign On

  • Dark
    Light
  • PDF

Whatfix supports login with Single Sign-On (SSO). It is an authentication process that enables users to access multiple applications with one set of login credentials.

How does SSO work in Whatfix?

  1. SSO-enabled enterprises have the following login screen,sign_in_with_sso
  2. When you click Sign In with SSO, you are redirected to the configured Identity Provider.
  3. Once you enter the credentials of the Identity Provider, it is verified, and you are then redirected to your Whatfix account.
    id_verification_screen.png


Identity Providers supported by Whatfix

An Identity Provider (IdP) is an authority system that holds and verifies the user authentication information. Whatfix interacts with your IdP and trusts the information provided by the IdP to gain access to the application. Whatfix supports popular identity providers like the following,

  • Okta
  • PingFederate
  • Azure Active Directory

Any identity provider compliant with SAML 2.0 works with Whatfix SSO.


Where is the SSO login available?

You can log in with SSO in the following two places.

  • On the Whatfix homepage sign_in_with_sso
  • On the Whatfix Editor
    login_sso_editor.png

Requirements to enable SSO on your account

The following information has to be exchanged with Whatfix,

InformationDetailExample



The organization provides this information

Enterprise Name*XYZ corp
IdP EntityId*https://app.onelogin.com/saml/metadata/905b5aec-defd-4f7a-a910-dae67c220cbe
IdP SSO Service URL*https://ddash.onelogin.com/trust/saml2/http-post/sso/884595
X509 certificate*

SAML identity location*
(If the NameID is not available, you can provide the attribute element instead)

<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>

OR

<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="User.email"> 



Whatfix provides this information

Identifierwhatfix
ACS URL*https://whatfix.com/saml_auth/?service=samlFromIdp
Sign-on URL*https://whatfix.com/xyz-test

Your title goes here

If you face any issues while adding the mentioned Sign-On URL, you can also add the ACS URL (https://whatfix.com/saml_auth/?service=samlFromIdp) in place of the Sign-on URL. The following image shows how the ACS URL is added in place of the Sign-On URL in Okta,

sign_on_url


Relay state*

https%3A%2F%2Fwhatfix.com%2Fxyz-test%[email protected]


Relay state* (EU Dashboard)

https%3A%2F%2Feu.whatfix.com%2Fxyz-test%[email protected]

* The value of each detail varies for every organization. For more details, contact [email protected].

Note
  • SSO users can't see the Change Password option in the admin menu. Any password changes need to be performed at the Identity Provider level.
  • Every time a user clicks Sign In with SSO, they are redirected to their Identity Provider's login page.
  • Currently, Whatfix does not support SLO (Single Log Out). When a user signs out of a Whatfix account, it does not log them out of the IdP.
  • The user has to provide configuration parameters so that Whatfix can establish an interface with their Identity Provider.

Enable Single Sign-On

To enable SSO for your Whatfix account, contact [email protected].

Was this article helpful?


First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.