SSO Sign in Configuration
WiseStamp provides an easy and secure way to streamline your sign in process with Single Sign-On (SSO) support. This guide provides the information you need to configure SSO with popular identity providers such as Okta, OneLogin, and Azure. It walks you through the step-by-step process of setting up SSO in each of these platforms. By implementing SSO, you will not only enhance your account's security but also simplify the sign in process for your WiseStamp administrators.
!note!Please note, SSO sign in is only available in specific WiseStamp plans. For more information please contact your WiseStamp customer success manager or schedule a demo with one of our sales representatives.!/note!
The configuration process requires the following procedures:
1. Create the SSO domain in WiseStamp.
2. Create and configure the WiseStamp app in the relevant SSO provider.
3. Copy the XML code of the SSO domain in WiseStamp.
Procedures 1 and 3 are performed by WiseStamp. This article describes how to configure the following identity providers: Okta, Google Workspace, OneLogin, and Azure.
Create the SSO domain
This procedure is performed by the WiseStamp support team. Once the SSO domain is created, you will be given the Provider ID, which is required for the following procedures.
Configure SSO in Okta
To configure SSO in Okta:
- Sign in to your Okta account.
- From the left panel, select Applications > Applications.
- On the Applications page, click Create App Integration.
- On the pop-up, select SAML 2.0 and click Next.
- On the Create SAML Integration page, enter WiseStamp for the App name and click Next.
- Configure SAML as follows:
  - In the Single sign-on URL box, enter the following:
    https://webapp.wisestamp.com/api/saml/callback
  - In the Audience URI (SP Entity ID) box, enter the following:
    https://webapp.wisestamp.com/api/saml/login
  - In the Default RelayState box, enter the Provider ID given to you by the WiseStamp support team.
  - In the Name ID format box, select EmailAddress.
  - Click Next.
- For the Feedback definition, Okta needs to know more about WiseStamp. Perform the following:
  - Select I'm an Okta customer adding an internal app.
  - Select It's required to contact the vendor to enable SAML.
- Click Finish. The WiseStamp App Integration page appears.
- Send the IdP metadata information to WiseStamp, as follows:
  - Go to the SAML Signing Certificates section, on the WiseStamp App Integration page.
  - Select Actions > View IdP metadata for the active certificate.
  - The IdP metadata is displayed. Select the metadata and copy it to a txt file.
Send the file to support@wisestamp.com, so WiseStamp can further configure the SSO. WiseStamp will inform you as soon as the SSO is working for your domain.
Assign permissions in Okta
You can select specific people or groups from your organization to assign permissions to the WiseStamp app. We recommend that you assign permissions to your administrators that manage WiseStamp, as only they will be able to sign in using SSO.
!tip! To assign permissions in Okta, go to the Applications page and click the Assignments tab. Then select the People and/or Groups of your administrators.!/tip!
Configure SSO in Google Workspace
To configure SSO in Google Workspace:
- Sign in to your Google Workspace account and go to the Admin console.
- From the left menu, click Apps and select Web and mobile apps.
- On the Web and mobile apps page, click Add app and select Add custom SAML app.
- On the App details page, enter the name of the new app, such as “WiseStamp”, and click CONTINUE.
- On the next page, click CONTINUE again. The Service provider details page opens.
- Define the service provider information as follows:
  - In the ACS URL field, enter the following:
    https://webapp.wisestamp.com/api/saml/callback
  - In the Entity ID field, enter the following:
    https://webapp.wisestamp.com
  - In the Default RelayState box, enter the Provider ID given to you by the WiseStamp support team.
  - On the Name ID format dropdown list, select EMAIL.
  - Click CONTINUE.
- On the Attribute mapping page, click FINISH.
- In the User access section, click ∨.
- In the page that opens, select the groups and organization units to define the users, and click SAVE.
- In the breadcrumb, click the name of the app to go to the previous page.
- Send the Metadata XML code to WiseStamp, as follows:
  - Click DOWNLOAD METADATA.
  - On the popup, click DOWNLOAD METADATA.
  - Send the downloaded file to support@wisestamp.com, so WiseStamp can further configure the SSO. WiseStamp will inform you as soon as the SSO is working for your domain.
Configure SSO in OneLogin
To configure SSO in OneLogin:
- Log in to your OneLogin account.
- Select Applications → Applications from the menu.
- On the top right corner, click Add App.
- Search for SAML test and select SAML Test Connector (Idp).
- Select the Configuration tab and enter the following values:
  - RelayState -> [Obtain from WiseStamp]
  - Audience -> https://webapp.wisestamp.com/api/saml/login
  - Recipient -> https://webapp.wisestamp.com/api/saml/login
  - ACS (Consumer URL validator) -> https://webapp.wisestamp.com/api/saml/login
- In the top right corner, click More Actions and select SAML Metadata. This downloads an XML file to your computer.
- Share the downloaded XML file with WiseStamp at support@wisestamp.com.
- A WiseStamp representative will then provide you with the RelayState ID.
- Paste the RelayState ID provided by the WiseStamp representative in the RelayState field.
!important! Click Save to complete the app creation. !/important!
Configure SSO in Azure
To configure SSO in Azure:
- Sign in to your Azure account and go to Enterprise applications.
- Click New application. The Browse Microsoft Entra Gallery page opens.
- Click Create your own application.
- Enter the name of the new app, such as WiseStamp, and click Create. The configuration page for the new app opens.
- Click Properties from the left menu and set Assignment required to No.
- Click Save.
- Optionally, click Owners from the left menu. Then click add and select the owner from the list of users.
- Click Users and groups from the left menu.
- Select the specific people or groups from your organization to assign permissions to the app and click Assign.
!tip!We recommend that you assign permissions to your administrators that manage WiseStamp, as only they will be able to sign in using SSO.!/tip!
- Click Single sign-on from the left menu and click SAML.
- Define the basic SAML configuration as follows:
  - In the Basic SAML configuration section, click … and select Edit.
  - In the Identifier (Entity ID) section, click Add identifier and enter the following:
    https://webapp.wisestamp.com
  - In the Reply URL (Assertion Consumer Service URL) section, click Add reply URL and enter the following:
    https://webapp.wisestamp.com/api/saml/callback
  - In the Sign on URL (Optional) section, enter the following:
    https://webapp.wisestamp.com/api/saml/login?sso_provider_id=<provider_id>
    Where <provider_id> is the Provider ID given by the WiseStamp Support team.
    For example, if Provider ID = 1234567890123456, enter the following:
    https://webapp.wisestamp.com/api/saml/login?sso_provider_id=1234567890123456
  - Click Save and close the popup.
- Define the claims as follows:
  - In the Attributes & Claims section, click … and select Edit.
  - In the Additional claims list, click the row where the Value is set to user mail. The Manage claim page opens for this claim.
  - Change the value for the Name to email (delete the word "address").
  - Delete the value for Namespace to leave the field blank.
  - Click Save.
  - Close the Attributes & Claims page by clicking SAML-based Sign-on in the breadcrumbs.
- Send the Federation Metadata XML code to WiseStamp, as follows:
  - In the SAML Certificate section, click Download to the right of Federation Metadata XML.
  - The Federation Metadata XML code is displayed. Select the code and copy it to a txt file.
  - Send the file to support@wisestamp.com, so WiseStamp can further configure the SSO. WiseStamp will inform you as soon as the SSO is working for your domain.