Let us know if this article was helpful. It would help us improve our content for you and other customers in the future.
WiseStamp provides an easy and secure way to streamline your login process with Single Sign-On (SSO) support. This guide will help you configure SSO with popular identity providers such as Okta, OneLogin, and Azure. It will walk you through the step-by-step process of setting up SSO in each of these platforms, followed by setting permissions in Okta. By implementing SSO, you will not only enhance your account's security but also simplify the login process for your WiseStamp administrators.
!note!Please note, SSO login is only available in specific WiseStamp plans. For more information please contact your WiseStamp customer success manager or schedule a demo with one of our sales representatives.!/note!
To configure SSO in Okta:
- Log into your Okta account.
- From the Okta dashboard, click Applications in the top menu.
- Click the Applications tab and then click Add Application.
- Search for WiseStamp in the search bar and click the WiseStamp app that appears.
- Click Next to move to the Sign On section.
- In the Sign On section, select SAML 2.0 as the Sign On method.
- In the General section, enter the following values:
- Single sign on URL - https://webapp.wisestamp.com/api/saml/callback
- Audience URI (SP Entity ID) - https://webapp.wisestamp.com/api/saml/login
- Click Next to move to the Feedback section and then click Finish to complete the app creation.
!important! Verify that use this for Recipient URL and Destination URL is selected. !/important!
After completing the configuration, on the Sign On tab, click View SAML setup instructions. A page with setup information is displayed. The required metadata is displayed on the bottom of this page
Copy and paste the metadata into a file to avoid typos, and send it to firstname.lastname@example.org, so we can further configure the SSO on our end. We will inform you as soon as the SSO is working for your domain.
!note! The WiseStamp representative will then be able to provide you with the Default RelayState ID. Paste the RelayState ID provided by the WiseStamp representative in the Default RelayState field to allow automatic login from the App List. !/note!
Setting permissions in Okta
You can select specific people or groups from your organization to provide permissions to see the WiseStamp app. We recommend setting this according to your administrators that are managing WiseStamp, as only they will be able to log in using SSO.
!tip! To set permissions in Okta, go to Assignments and select People or Groups. !/tip!
SSO configuration in OneLogin
To configure SSO in OneLogin:
- Log into your OneLogin account.
- Select Applications → Applications from the menu.
- On the top right corner, click Add App.
- Search for SAML test and select SAML Test Connector (Idp).
- Select the Configuration tab and enter the following values:
- RelayState -> [Obtain from WiseStamp]
- Audience -> https://webapp.wisestamp.com/api/saml/login
- Recipient -> https://webapp.wisestamp.com/api/saml/login
- ACS (Consumer URL validator) -> https://webapp.wisestamp.com/api/saml/login
- In the top right corner, click More Actions and select SAML Metadata. This downloads an XML file to your computer.
- Share the downloaded XML file with WiseStamp at email@example.com.
- A WiseStamp representative will then provide you with the RelayState ID.
- Paste the RelayState ID provided by the WiseStamp representative in the RelayState field.
!important! Click Save to complete the app creation. !/important!
SSO configuration in Azure
Configuring SAML 2.0 in WiseStamp using Azure SSO:
Go to Azure AD SAML Toolkit and click Single sign-on.
Under Basic SAML Configuration, click Edit.
Under Identifier (Entity ID), click Add identifier and enter URL: https://webapp.wisestamp.com
Under Reply URL (Assertion Consumer Service URL), click Add reply URL and enter URL: https://webapp.wisestamp.com/api/saml/callback
If Sign-on URL is blank, enter URL: https://webapp.wisestamp.com/api/saml/login
- Under Attributes & Claims, click Edit.
- Under Additional claims, click user.mail to edit it.
- In the name field, enter "email" (delete the word "address") and remove the value in Namespace to leave the field blank. Then, click Save.
- Scroll down to SAML Certificates and download Federation Metadata XML.
- Share the downloaded XML file with WiseStamp at firstname.lastname@example.org. This will help the WiseStamp team to configure your SSO login.