SAML Single Sign-On

Introduction

Once you have created a business account on Fynd Platform, you can set up SAML single sign-on (SSO) so that members of your organization authenticate through your identity provider instead of registering individually on Fynd Platform.

You can set up SSO on Fynd Platform using identity providers such as G-Suite and Azure AD. SAML facilitates the exchange of data between the identity provider (IDP) and the service provider (SP).

Figure 1: SAML Single Sign-On Configuration

How to access on Fynd Platform

In this document, we will learn the process of configuring SAML SSO with the following identity providers:

  • G-Suite
  • Azure AD


G-Suite

Prerequisite

A Google Workspace Admin account (formerly known as G-Suite).

  1. Set up your custom SAML app in your Google Admin Console (admin.google.com).

  2. Go to Apps → Web and mobile apps

  3. Click Add App → Add private SAML app. Enter a name and icon in the App Details page and click Continue.

  4. On the Google Identity Provider details page, click Download Metadata to get the setup information.

    Figure 2: Identity Provider Details Page

  5. Copy and paste the following IDP settings into Fynd Platform:

    • SSO URL
    • Entity ID
    • Certificate

    Figure 3a: Copying The SSO URL, Entity ID, And Certificate

    Figure 3b: Pasting The SSO URL, Entity ID, And Certificate

  6. Copy and paste the following SP settings from Fynd Platform to the IDP console.

    • Issuer
    • Callback Url

    Figure 4a: Copying The Issuer And Callback Url

    Figure 4b: SAML Application

    Figure 4c: Service Provider Details Page

  7. Under IDP settings, you get the following additional configurations:

    Figure 5: Additional Configurations in SAML SSO Settings

    • Note - Enter text to display on the login screen.

    • Logo - Upload an image to display on the login screen.

    • Session Age - Specify a duration (in hours) beyond which a user will be logged out.

    • Assign Roles Manually - A role determines the access and permissions a user gets in Fynd Platform. Enable this option to manually assign roles to users signed in via SSO. Disable the option to fetch and sync the roles directly from G-Suite.

      • Role - Shows a list of roles if defined already within the Team section of Fynd Platform.

      • Create New Role - If no role is defined yet, use this option to create a role, and specify the permissions granted to the users who log in via SSO.

        Figure 5a: Creating A Role

        Figure 5b: Giving Permissions

        Figure 5c: Role Creation Successful

        Figure 5d: Choosing A Role

    • Provider - Select an identity provider; in this case, Google.

  8. Upon successful setup, members of your organization who have not registered on Fynd Platform can choose Login as Organisation.

    Figure 6: Fynd Platform Login Page

  9. They can enter the Company ID.

    Figure 7a: Single Sign-On Page

    Figure 7b: SAML Login Page

  10. Finally, they can sign in to Fynd Platform using their Google Account.

    Figure 8: Google Sign-In Page


Azure AD

Prerequisite

An Azure account with an active subscription, and an enterprise application created within it for setting up SSO. Click here to know more about adding an application in Azure AD.

  1. After adding an enterprise application, you'll get an overview page.

    Figure 1: Enterprise Application Overview Page

  2. In the Manage section, select Single sign-on.

    Figure 2: Single Sign-On Configuration

  3. Go to SAML SSO settings in Fynd Platform, and copy the following SP settings:

    • Issuer
    • Callback Url

    Figure 3a: Copying The Issuer And Callback Url

    Use the Edit option in the first block, i.e., 'Basic SAML Configuration' to paste the copied values as shown below.

    • Issuer → Identifier
    • Callback Url → Reply URL

    Figure 3b: Pasting The Issuer And Callback Url

  4. Go to the 4th block, i.e., 'Set up yourAppName' and click on View step-by-step instructions.

    Figure 4: Checking IDP Settings

  5. From the pane (on the right side), copy the following values one by one:

    • SAML Single Sign-On Service URL
    • SAML Entity ID

    Figure 5a: Copying Data For SSO URL And Entity ID

    Paste the copied values in IDP Settings of Fynd Platform as shown below.

    • SAML Single Sign-On Service URL → SSO URL
    • SAML Entity ID → Entity ID

    Figure 5b: Pasting Data Into SSO URL And Entity ID

  6. Go to the 3rd block, i.e., 'SAML Signing Certificate' and use the Download button next to 'Certificate (Base64)'.

    Figure 6: Downloading Certificate

  7. Use any text editor to open the certificate, and copy its content.

    Figure 7a: Copying Certificate Content

    Paste the copied content in the IDP Settings of Fynd Platform.

    Figure 7b: Pasting Certificate Content

  8. Under IDP settings, you get the following additional configurations:

    Figure 8: Additional Configurations in SAML SSO Settings

    • Note - Enter text to display on the login screen.

    • Logo - Upload an image to display on the login screen.

    • Session Age - Specify a duration (in hours) beyond which a user will be logged out.

    • Assign Roles Manually - Enabled by default for Azure AD.

      • Role - Shows a list of roles defined within the Team section of Fynd Platform.

      • Create New Role - If no role is defined yet, use this option to create a role and specify the permissions granted to the users who log in via SSO.

        Figure 8a: Giving Permissions

        Figure 8b: Role Creation Successful

        Figure 8c: Choosing A Role

    • Provider - Select an identity provider; in this case, Microsoft AD.

  9. Upon successful setup, members of your organization who have not registered on Fynd Platform can choose Login as Organisation.

    Figure 9: Fynd Platform Login Page

  10. They can enter your Company ID.

    Figure 10a: Single Sign-On Page

    Figure 10b: SAML Login Page

  11. Finally, they can sign in to Fynd Platform using their Microsoft Account.

    Figure 11: Microsoft Sign-In Page
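
The copy-and-paste steps in both sections can be checked before saving. The following is an added example, not code from Fynd Platform or either identity provider: it reads the SSO URL, Entity ID and Certificate from a downloaded SAML metadata file (the G-Suite Download Metadata step) and fingerprints a certificate pasted as PEM text (the Azure AD 'Certificate (Base64)' file), so the pasted value can be compared with the downloaded one. The function names, the sample metadata and its idp.example.com URLs are constructed; preferring the HTTP-Redirect endpoint, requiring HTTPS and requiring exactly one signing certificate are assumptions.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def cert_fingerprint(cert_text):
    """SHA-256 fingerprint of a certificate pasted as PEM or bare base64."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s", "", cert_text)
    der = base64.b64decode(body, validate=True)  # rejects stray characters
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def idp_settings(metadata_xml):
    """Pull SSO URL, Entity ID and signing certificate out of IdP metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    services = idp.findall("md:SingleSignOnService", NS) if idp is not None else []
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or not services:
        raise ValueError("not SAML IdP metadata with an SSO endpoint")
    # Assumption: prefer the HTTP-Redirect endpoint when several are listed.
    sso = next((s for s in services if s.get("Binding") == REDIRECT), services[0])
    if not sso.get("Location", "").startswith("https://"):
        raise ValueError("SSO URL is not HTTPS")
    certs = [k.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS)
             for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")]
    if len(certs) != 1 or not certs[0].strip():
        raise ValueError("expected exactly one signing certificate")
    return {"sso_url": sso.get("Location"), "entity_id": root.get("entityID"),
            "certificate": certs[0].strip(),
            "fingerprint": cert_fingerprint(certs[0])}

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_B64 = base64.b64encode(b"constructed bytes, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.com/entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(idp_settings(SAMPLE_METADATA)["fingerprint"])
```

Run `cert_fingerprint` on the text pasted into the Certificate field and on the downloaded file; the two fingerprints must be identical.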