Documentation

Single Sign On (SSO)

Learn how to setup Single Sign On

Suggest Edits

Overview

In this article, we'll cover GrowthLoop's support for Single Sign-On (SSO) and the various identity providers and protocols that you can use for your SSO configuration. GrowthLoop supports SSO to provide a seamless and secure authentication experience. You can configure SSO with GrowthLoop using your identity provider and connect via SAML (Security Assertion Markup Language), OIDC (OpenID Connect) protocols, or LDAP protocols.

While we support multiple protocols, most of our SSO integrations are done via SAML, and this guide will assume a SAML configuration for your setup.

Supported Identity Providers and Services

GrowthLoop (via Auth0) currently supports the following identity providers and services with streamlined integrations:

General Setup Requirements

Follow these steps to configure Single Sign-On (SSO) with an Identity Provider in GrowthLoop, assuming a SAML setup. Need help? Your Solutions Architect will be available to support you throughout the process!

Step 1: Client App URL Setup (for Multi-Tenant Environments)

If your organization uses a multi-tenant environment, GrowthLoop will set up a custom URL for your dedicated SSO login. This requires coordination with our engineering team to update the domain and deploy the new environment. The domain format will be {client}.flywheelproducts.com.

📘

Note

This step is unnecessary if your organization uses a single-tenant environment.

Step 2: Setup Info for Your SSO

To set up an SSO connection in your identity provider (e.g., Okta, Azure AD), you'll need the following information from your Solutions Architect:

  • Client ID: urn:auth0:vortex-prod:{<client-name>-connection}
  • Reply URL (Assertion Consumer Service URL): https://vortex-prod.auth0.com/login/callback?connection={<client-name>-connection}
  • Sign-On URL (Sign-in Redirect URIs): https://vortex-prod.auth0.com/login/callback?connection=<client-name>-connection
  • Logout URL: https://<client-name>.flywheelproducts.com/auth/logout
  • Trusted Origins: https://app.flywheelproducts.com

In response, provide your Solutions Architect with the following information from your side:

  • Sign-In URL
  • X509 Signing Certificate
  • Data mappings for user_id and email

Step 3: Configure Connection in Auth0

Once your domain is set up, your Solutions Architect will configure the SAML connection in Auth0. The connection name in Auth0 must match {client}-connection to dynamically update your login page with your organization's SSO configuration.

Configuration Details:

  • Sign-In URL: Provided by your identity provider during the setup process.
  • X509 Signing Certificate: Obtained during your setup process with your identity provider.
  • Data Mappings: Ensure correct mappings for user_id and email. These values will determine how users are identified and routed within our system.

Step 4: Testing and Verification

We recommend conducting a thorough testing phase to ensure that the connection is working as expected. This can often be done by GrowthLoop without involving you directly, especially if your Solutions Architect has access to your system. However, if needed, we can coordinate a call to assist with debugging.

Testing Process:

  1. Enable Debug Mode: Set the connection to debug mode in the Auth0 connection settings.
  2. Monitor Logs: Use Auth0's "Monitoring" > "Logs" section to track login attempts.
  3. Test Login: Have someone from your organization attempt a login. Review the logs to ensure proper authentication and data mappings.
  4. Final Configuration: Adjust any mappings as needed based on test results. Ensure that user IDs and email attributes are correctly configured.

If everything is functioning as expected, the connection will be live, and you will be able to log in using SSO.

📘

Note:

If you experience any issues or have questions during the setup process, please reach out to us at [email protected], and we’ll be in touch shortly!

Updated about 2 months ago