Single Sign-On (SSO) Guide

Single Sign-On (SSO) allows users to authenticate with multiple applications or services using a single set of login credentials. To configure SSO in Webfuse, you will need to follow these steps:

1. Download the identity provider metadata from the IdP (Identity Provider) you will be using for authentication. The metadata contains information about the IdP, such as the SSO URL, Entity ID, and certificate.

2. Log in to the Webfuse Studio and open SSO settings page . Here, you can provide the IdP metadata URL to import the IdP metadata for SSO.

3. For SSO login ID, provide a unique name that will be used to generate the SSO login URL. This will typically be the name of your organization or application.

4. The fields for SSO URL, Entity ID, Certificate and Redirect URL on log out will be retrieved from the IdP metadata you imported in step 2. These fields are important because they allow Webfuse to communicate with the IdP and verify user credentials.

Save and generate IdP data.

5. Once you have completed this configuration, you will be able to retrieve Service Provider Entity ID, Assertion Consumer Service URL. Enter them as Identifier (Entity ID) and the Assertion Consumer Service POST Binding URL in the IDP configuration.

Also you can copy the SSO login URL from the Webfuse Studio and paste it in the IdP configuration.

By following these steps, you can configure SSO in Webfuse and allow your users to log in with a single set of credentials.

Tip

• You need to check “Enable Single sign-on” to turn on SSO for your Webfuse account.

• Once SSO is enabled, only users with Admin level privileges in Webfuse will be able to log in to Webfuse Space using email/password credentials or reset their Webfuse password.

• To allow Webfuse to create user accounts automatically based on the information provided by the IdP, you need to check “Enable auto provisioning”. Without this, only users who have been manually created in Webfuse will be able to log in using SSO.

• You can configure the mappings between Service provider attributes and Identity provider user profile fields to map the user attributes from the IdP to the user attributes in Webfuse.

• Users who are created through SSO will have the “User” role in Webfuse by default. Only users with Admin level privileges in Webfuse can change a user’s role.

• Users created in Webfuse through auto-provisioning will not be automatically deleted when they are removed from the IdP.