WiseStamp provides an easy and secure way to streamline your sign-in process with Single Sign-On (SSO) support. This guide provides you with the information needed to configure SSO with popular identity providers such as Okta, OneLogin, and Microsoft Entra ID. It walks you through the step-by-step process of setting up SSO in each of these platforms. By implementing SSO, you will not only enhance your account's security but also simplify the sign-in process for your WiseStamp administrators.
The configuration process requires the following procedures:
Create the SSO domain in WiseStamp.
Create and configure the WiseStamp app in the relevant SSO provider.
Copy the XML code of the SSO domain in WiseStamp.
Procedures 1 and 3 are performed by WiseStamp. This article describes the procedures to perform the configuration of the following identity providers:
Create the SSO domain
This procedure is performed by the WiseStamp support team. Once the SSO domain is created, you will be given the Provider ID, which is required for the following procedures.
Configure SSO in Okta
To configure SSO in Okta:
Sign in to your Okta account.
From the left panel, select Applications > Applications.
On the Applications page, click Create App Integration.
On the pop-up, select SAML 2.0 and click Next.
On the Create SAML Integration page, enter WiseStamp for the App name and click Next.
Configure SAML as follows:
In the Single Sign-On URL box, enter the following:
https://webapp.wisestamp.com/api/saml/callbackIn the Audience URI (SP Entity ID) box, enter the following:
https://webapp.wisestamp.com/api/saml/loginIn the Default RelayState box, enter the Provider ID given to you by the WiseStamp support team.
In the Name ID format box, select EmailAddress.
Click Next.
For the Feedback definition, Okta needs to know more about WiseStamp. Perform the following:
Select I'm an Okta customer adding an internal app.
Select It's required to contact the vendor to enable SAML.
Click Finish. The WiseStamp App Integration page appears.
Send the IP metadata information to WiseStamp, as follows:
Go to the SAML Signing Certificates section on the WiseStamp App Integration page.
Select Actions > View IDP metadata for the active certificate.
The IDP metadata is displayed. Select the metadata and copy it to a txt file.
Send the file to our support team, so WiseStamp can further configure the SSO. WiseStamp will inform you as soon as the SSO is working for your organization.
Assign permissions in Okta
You can select specific people or groups from your organization to assign permissions to the WiseStamp app. We recommend that you assign permissions to your administrators who manage WiseStamp, as only they will be able to sign in using SSO.
To assign permissions in Okta, go to the Applications page and click the Assignments tab. Then select the People and/or Groups of your administrators.
Configure SSO in Google Workspace
To configure SSO in Google Workspace:
Sign in to your Google Workspace account and go to the Admin console.
From the left menu, click Apps and select Web and mobile apps.
On the Web and mobile apps page, click Add app and select Add custom SAML app.
On the App details page, enter the name of the new app, such as “WiseStamp”, and click CONTINUE.
On the next page, click CONTINUE again. The Service provider details page opens.
Define the service provider information as follows:
In the ACS URL field, enter the following:
https://webapp.wisestamp.com/api/saml/callbackIn the Entity ID field, enter the following:
https://webapp.wisestamp.comIn the Default RelayState box, enter the Provider ID given to you by the WiseStamp support team.
On the Name ID format dropdown list, select EMAIL.
Click CONTINUE.
On the Attribute mapping page, click FINISH.
In the User access section, click ∨.
In the page that opens, select the groups and organization units to define the users, and click SAVE.
In the breadcrumb, click the name of the app to go to the previous page.
Send the Metadata XML code to WiseStamp, as follows:
Click DOWNLOAD METADATA.
On the pop-up, click DOWNLOAD METADATA.
Send the downloaded file to our support team, so WiseStamp can further configure the SSO. WiseStamp will inform you as soon as the SSO is working for your organization.
Configure SSO in OneLogin
To configure SSO in OneLogin:
Log in to your OneLogin account.
Select Applications → Applications from the menu.
In the top right corner, click Add App.
Search for SAML test and select SAML Test Connector (Idp).
Select the Configuration tab and enter the following values:
RelayState -> [Obtain from WiseStamp]
Audience -> https://webapp.wisestamp.com/api/saml/login
Recipient -> https://webapp.wisestamp.com/api/saml/callback
ACS (Consumer URL validator) -> ^https:\/\/webapp\.wisestamp\.com\/api\/saml\/?(\?.*)?$
ACS (Consumer) URL -> https://webapp.wisestamp.com/api/saml/callback
In the top right corner, click Save
In the top right corner, click More Actions and select SAML Metadata. This downloads an XML file to your computer.
Send the downloaded XML file to our support team.
Click Save to complete the app creation.
Configure SSO in Microsoft Entra ID:
To configure SSO in Microsoft Entra ID:
Sign in to your Microsoft Entra ID account and go to Enterprise applications.
Click New application. The Browse Microsoft Extra Gallery page opens.
Click Create your own application.
Enter the name of the new app, such as WiseStamp, and click Create. The configuration page for the new app opens.
Click Properties from the left menu and set Assignment required to No.
Click Save.
Optionally, click Owners from the left menu. Then click add and select the owner from the list of users.
Click Users and groups from the left menu.
Select the specific people or groups from your organization to assign permissions to the app and click Assign.
Click Single sign-on from the left menu and click SAML.
Define the basic SAML configuration as follows:
In the Basic SAML configuration section, click … and select Edit.
In the Identifier (Entity ID) section, click Add identifier and enter the following:
https://webapp.wisestamp.comIn the Reply URL (Assertion Consumer Service URL) section, click Add reply URL and enter the following:
https://webapp.wisestamp.com/api/saml/callbackIn the Sign on URL (Optional) section, enter the following:
https://webapp.wisestamp.com/api/saml/login?sso_provider_id=<provider_id>
Where <provider_id> is the Provider ID given by the WiseStamp Support team.
For example, if Provider ID = 1234567890123456, enter the following:
https://webapp.wisestamp.com/api/saml/login?sso_provider_id=1234567890123456Click Save and close the pop-up.
Define the clams as follows:
In the Attributes & Claims section, click … and select Edit.
In the Additional claims list, click the row where the Value is set to user mail. The Manage claim page opens for this claim.
Change the value for the Name to email (delete the word "address").
Delete the value for Namespace to leave the field blank.
Click Save
Close the Attributes & Claims page by clicking SAML-based Sign-on in the breadcrumbs.
Send the Federation Metadata XML code to WiseStamp, as follows:
In the SAML Certificate section, click Download to the right of Federation Metadata XML.
The Federation Metadata XML code is displayed. Select the code and copy it to a txt file.
Send the file to our support team, so WiseStamp can further configure the SSO. WiseStamp will inform you as soon as the SSO is working for your organization.
We recommend that you assign permissions to your administrators who manage WiseStamp, as only they will be able to sign in using SSO.