Skip to main content

Single Sign-On (SSO)

Learn how to set up Single Sign-On for your company to enable secure and seamless access.

A
Written by Agrima Hemrajani
Updated over 2 weeks ago

1. Introduction

What is SSO?

Single Sign-On (SSO) lets you log in to multiple apps using your corporate email and password. Instead of remembering different passwords for each app, you only need one login. This makes things easier, faster, and more secure for your company.

Why Use SSO?

  • Fewer Passwords to Remember: Your corporate login gives access to all work apps, making it less prone to mistakes.

  • Easy User Management: It's simpler for the IT team to control access for users to specific apps.

  • Better Security: Your IT team has more control and can enforce its policies across apps.

  • Saves Time: Quick access to tools helps teams work faster.

Who Should Use This Guide?

This guide is intended for IT administrators, security teams, or any technical staff responsible for configuring and managing SSO integrations.

Note: Only users with admin or owner roles in WegoPro have access to the SSO configuration settings.

Glossary

  • SSO (Single Sign-On): One login to access many apps.

  • IdP (Identity Provider): The system that checks your identity (e.g., Okta, Google, Auth0).

  • SP (Service Provider): The app you're trying to use (e.g., WegoPro).

  • SAML 2.0 (Security Assertion Markup Language 2.0): A standard protocol for apps and identity systems to talk to each other during login.

  • OpenID Connect (OIDC): An authentication layer on top of OAuth 2.0 (an SSO protocol)

  • ACS URL (Assertion Consumer Service URL): The url where login info is sent to a service provider after you've logged in to your IdP.

  • Entity ID: A unique name for either the app or identity system.

  • JIT (Just-In-Time Provisioning): Creates a user account automatically when they log in for the first time.

2. Supported protocols & Pre-requisites

Supported Protocols

  • SAML 2.0

Before you begin:

  • You must have admin access to your Identity Provider (IdP).

  • Ensure you’re using a provider that supports SAML 2.0.

  • Your domains must be verified. Refer domain verification help article here

  • Access to WegoPro’s Admin Panel.

3. SSO Setup

3.1. Accessing the SSO Settings

  1. Get in touch with your Customer Success Manager to enable SSO for your company.

  2. Log in to your WegoPro admin portal.

  3. Navigate to the "Company Settings" → “Security” → “Single Sign On

  4. If SSO is enabled for you, You will see the “Set up” button.

3.2. Configuration Steps

  1. Click on “Set Up” button in the “Single Sign On” setting

  2. Create a SAML Application in your IdP
    In your Identity Provider, create a new SAML application and fill in the following fields using the values provided in your WegoPro Admin Panel:

    • Assertion Consumer Service (ACS) URL

    • Entity ID

  3. Make sure your IdP sends emailAddress as the unique user identifier (NameID).

  4. Add any custom mapping of attributes from your IdP to WegoPro. You should map at least the following attributes:

    1. emailAddress

    2. givenName

    3. lastName

  5. Download Metadata XML from Your IdP: Once your application is set up, download the SAML metadata XML file from your IdP. This file contains all the necessary configuration to establish trust between WegoPro and your IdP.

  6. Import the XML File into WegoPro

    1. Go back to the Configure SSO screen in WegoPro.

    2. Drag and drop the downloaded metadata XML file into the upload area, or click "click here to attach".

    3. Once uploaded, click "Enable Single Sign On" to activate SSO for your organization.

  7. Run a test login to verify functionality.

  8. After successful testing, inform users of the upcoming change and provide instructions for logging in with SSO.

  9. Once the SSO is enabled, you would be able to see bwlo two settings which you can enable/disable based on your preference:

    1. Sign in with SSO only - When enabled, all users are required to access WegoPro through the company’s SSO. Regular email-password login is turned off.
      ​⚠️ Caution: Enable this setting only after SSO has been successfully set up and confirmed to be working properly. Enabling it before verification may block access. If the setting remains disabled and there is any issue with the SSO configuration, you can still sign in using email and password to access the account and resolve the issue.

    2. Allow account creation - When enabled, this setting lets new users automatically receive a WegoPro account on their first SSO sign-in, as long as they use an email from a verified company domain.

  10. Rollback Procedure

    In case of issues, you can disable SSO and revert to the previous authentication method. For any queries or assistance, please contact your Customer Success Manager or email our support team: support@wegopro.com

3.3. Login via SSO

Once your company has successfully configured and enabled Single Sign-On (SSO), users can log in using the following steps:

  1. Go to https://www.wegopro.com/signin

  2. Select the “Sign in with SSO link”

  3. Enter your email address and the subdomain associated with your company.

  4. Alternatively visit the sign-in page for your company (ask your company admin for the link).

  5. Click on “Sign in”

  6. You will then be redirected to your company’s Identity Provider (e.g., Okta, Google, Microsoft Entra) to authenticate.

  7. After successful authentication, you'll be redirected back to WegoPro and automatically signed in.

⚠️ If you see an error during login, please check with your IT team who configured the SSO. They can refer to the troubleshooting section for possible causes and solutions.

4. Identity Provider (IdP) Specific Guides

4.1. Okta SSO Setup

  • Overview: Okta is a popular cloud-based identity and access management solution.

  • Configuration Steps:

    1. Register your application in Okta.

    2. Enter your platform’s SSO details (ACS URL, Entity ID).

    3. Map user attributes from Okta to your platform.

    4. Test the integration.

  • Helpful Links: developer.okta.com

4.2. Auth0 SSO Setup

  • Overview: Auth0 is an identity management platform that simplifies authentication and authorization.

  • Configuration Steps:

    1. Set up an application in Auth0 and select the SSO protocol.

    2. Configure the connection with your SSO settings.

    3. Map the required user attributes and perform a test login.

  • Helpful Links: (Link to Auth0’s guide)

4.3. Microsoft Entra (Azure AD) SSO Setup

  • Overview: Microsoft Entra (formerly Azure AD) provides cloud-based identity and access management.

  • Configuration Steps:

    1. Register your platform as an application in Microsoft Entra.

    2. Configure SAML settings, including metadata, reply URLs, and certificate setup.

    3. Test user authentication through the Microsoft portal.

  • Helpful Links: learn.microsoft.com

4.4. Google SSO Setup

  • Overview: Google Cloud Identity and Google Workspace offer robust SSO capabilities.

  • Configuration Steps:

    1. Register your application in the Google Admin console.

    2. Configure SAML settings, including the ACS URL and Entity ID.

    3. Verify and map user attributes.

    4. Run a test to ensure smooth redirection and authentication.

  • Helpful Links: support.google.com

4.5. OneLogin SSO Setup

  • Overview: OneLogin is a cloud-based identity and access management platform that supports SAML-based Single Sign-On.

  • Configuration Steps:

    1. Open the application in the OneLogin Admin Console and go to the Configuration tab. Enter your platform’s ACS (Consumer) URL and Entity ID, and save the changes.

    2. Navigate to the Parameters tab and ensure the required user attributes (e.g., email, first name, last name) are added, mapped to OneLogin user fields, and marked as Include in SAML assertion.

    3. Go to the SSO tab and download the SAML Metadata (XML) file from the top-right corner. Upload or share this XML with your platform to complete the setup.

    4. Test the SSO flow by logging in as an assigned user or initiating login from the SSO tab.

  • Helpful Links: SSO-with-OneLogin

5. Troubleshooting

  • Attribute Mapping Errors:

    • Double-check attribute names and values.

    • Ensure required attributes are present in the IdP.

  • Login Redirect Issues:

    • If you're unable to log in via SSO, it could be due to one of the following reasons:

      • You’re not a member of the company, and domain-based access (”allow anyone to join” option) is disabled:

        The company only allows invited users. Your login will be declined if you do not have an invitation to join the company.

      • You’re not a member of the company, but domain-based access (”allow anyone to join” option) is enabled

        • If your email domain matches the company’s verified domain, you are eligible to join the company, provided:

          • You already have an account on WegoPro

          • Just-In-Time provisioning is enabled for the company if you don’t have an account with WegoPro

    • If you are still facing issues:

      • Verify the ACS URL and Entity ID are correct.

      • Check for browser console errors.

      • Clear browser cache and cookies.

Did this answer your question?