Whether you're a seasoned IT pro or new to the world of identity management, this guide will help you understand the key terms and steps involved in setting up SSO to access Fugo.
Configuring SSO can get quite technical, so first we'll outline some terms that will be used throughout this article:
Identity Provider (IdP): An Identity Provider (IdP) manages identity information and provides authentication services.
Service Provider (SP): In this case, it refers to Fugo software.
Single Sign-On (SSO): A user authentication process that allows a user to access multiple applications or systems with one set of login credentials.
What protocols does Fugo support?
SAML 2 (Security Assertion Markup Language 2.0): SAML 2.0 is an XML-based protocol that allows identity providers (IdPs) to pass authorization credentials to service providers (SPs).
OIDC (OpenID Connect): OIDC is an authentication layer on top of the OAuth 2.0 protocol, which itself is a framework that allows third-party services to exchange web resources on behalf of a user.
What is Single Sign-On (SSO)?
Single Sign-On (SSO) is a user authentication process that allows a user to access multiple applications or systems with one set of login credentials. This means the user logs in once and gains access to all associated systems without needing to authenticate separately for each one.
SSO simplifies the user experience, reduces password fatigue, and enhances security by minimizing the number of times a user must enter their credentials, thereby decreasing the potential for phishing attacks.
It's commonly implemented in business and educational environments to streamline access to various software systems and resources.
What do I need to know about using SSO with Fugo?
If you want to use your organization's IdP for signing in to Fugo, you will need to:
Configure SSO in your account and
Create the Fugo app in your corresponding IdP
Depending on your setup, we provide guides for some of the most common IdP services:
SAML
OKTA
Google
Azure
If your service is not on the list, the configuration concept will be similar since we use OIDC and SAML protocols.
If you need help setting up Fugo SSO with your IdP service provider, contact our support team at support@fugo.ai.
Is there an additional cost for SSO?
SSO is available exclusively for Fugo Enterprise users. You can learn more about our Enterprise packages & supported features here, or reach out to our sales team at sales@fugo.ai.
How to configure SSO in Fugo
You'll need to have a Fugo account to set up SSO. If you don’t have one, you can sign up for a trial here.
Enter your IdP provider information in Fugo
1. Go to your Fugo Account page and navigate to the Single Sign-On tab.
2. Input the configuration information from your IdP service provider.
Configure Fugo in your IdP service
Next, you need to configure Fugo in your IdP service provider so that it recognizes requests from Fugo.
Once you press Save Settings at the bottom of the page in Fugo, you'll see additional Fugo SSO settings that you'll enter into your IdP service configuration page.
How to log in with SSO
Once configured, you can log in from Fugo's login page:
⚡ Note: We don’t support IdP-initiated login just yet.
If your Service Provider (SP) and Identity Provider (IdP) are the same, and this is your first time using Fugo SSO, you may be prompted to link your IdP account with your existing Fugo account if the registered email matches the one used for SSO. This step is necessary to confirm that both accounts belong to the same user.
1. Click Add to existing account.
2. Now, use your Fugo email and password to confirm you own the Fugo account. This will complete the merging of the two user accounts.
3. When you press Sign In, you will be redirected to your Fugo Account.
💡 Note: This is a one-time-only step. You won't be asked to repeat it the next time you use Fugo to log in.
User provisioning
To grant your organization's employees access to Fugo, you'll need to provision their accounts from your Identity Provider (IdP). This typically involves assigning users to the Fugo App within the IdP's configuration page.
For example, in Okta:
You won't need to create a Fugo account for your employees, as this will be done automatically by Fugo using Just-in-Time (JIT) provisioning.
JIT eliminates the need for manual account setup and maintenance, thereby increasing the efficiency of the SSO process.
To ensure proper provisioning, you must add the correct Fugo attributes to your employee user profiles:
fugo_role: Represents a Fugo role and must exactly match the role created in Fugo; otherwise, the user will be assigned a default role, which is also configurable.
fugo_space: Specifies the Fugo Space where the user will be added; if the Space name is incorrect or missing, Fugo will provision the user in the root admin space.
firstName: This attribute will be automatically transferred to Fugo.
lastName: This attribute will also be automatically transferred to Fugo.
The synchronization of the IdP user profile with the Fugo user profile will occur every time a user logs in to Fugo.
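Because a wrong fugo_role silently falls back to the default role and a wrong or missing fugo_space places the user in the root admin space, it is worth checking profiles before assigning users to the Fugo app. The script below is an added example, not Fugo's own tooling: it assumes you have exported user profiles from your IdP as records with an email field, and the role names, Space names and users shown are constructed sample data.

```python
# Added example: audit IdP user profiles before Just-in-Time provisioning.
# Role names, Space names and user records are constructed sample data.
FUGO_ROLES = {"Content Editor", "Viewer"}
FUGO_SPACES = {"London Office", "Retail Screens"}
PROFILES = [
    {"email": "ana@example.com", "firstName": "Ana", "lastName": "Ruiz",
     "fugo_role": "Content Editor", "fugo_space": "London Office"},
    {"email": "ben@example.com", "firstName": "Ben", "lastName": "Okoro",
     "fugo_role": "content editor", "fugo_space": "London Office"},
    {"email": "cy@example.com", "firstName": "Cy", "lastName": "Lam",
     "fugo_role": "Viewer"},  # fugo_space not set in the IdP
]

def _near_match(value, known):
    """Return a known name differing only by case or outer whitespace."""
    folded = value.strip().casefold()
    return next((n for n in known if n.casefold() == folded), None)

def audit_profile(profile, fugo_roles, fugo_spaces):
    """List the provisioning problems for one profile (empty list = OK)."""
    findings = []
    checks = (("fugo_role", fugo_roles, "default role"),
              ("fugo_space", fugo_spaces, "root admin space"))
    for attr, known, fallback in checks:
        value = profile.get(attr)
        if value in known:  # exact, case-sensitive match required
            continue
        if not value:
            msg = f"{attr} is missing; user falls back to the {fallback}"
        else:
            msg = (f"{attr}={value!r} is not an exact match; "
                   f"user falls back to the {fallback}")
            hint = _near_match(value, known)
            if hint:
                msg += f" (did you mean {hint!r}?)"
        findings.append(msg)
    for attr in ("firstName", "lastName"):
        if not profile.get(attr):
            findings.append(f"{attr} is missing")
    return findings

def audit(profiles, fugo_roles, fugo_spaces):
    """Map each problematic user's email to its findings."""
    results = ((p["email"], audit_profile(p, fugo_roles, fugo_spaces))
               for p in profiles)
    return {email: found for email, found in results if found}

if __name__ == "__main__":
    for email, found in audit(PROFILES, FUGO_ROLES, FUGO_SPACES).items():
        print(email, *found, sep="\n  ")
```

Replace the two sets with the roles and Spaces that actually exist in your Fugo account, and pay particular attention to any user flagged as falling back to the root admin space.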
Need more help?
If you need help at any time, you can always drop a message in our chat box or write to us at support@fugo.ai!