Documentation Index

Fetch the complete documentation index at: https://docs.fortifiedwisdom.com/llms.txt

Use this file to discover all available pages before exploring further.

Single Sign-On (SSO)

Prev Next

WISdom supports Single Sign-On (SSO) using OIDC-compliant identity providers. Administrators configure SSO through the Admin Console › Integration page. WISdom supports two OAuth/OIDC authentication flows: Authorization Code and Authorization Code with PKCE (Proof Key for Code Exchange). The flow is selected during SSO configuration.

Configuration Process

  • Create an OIDC-compliant application within your identity provider (e.g., Microsoft Entra, Okta).
  • Generate client credentials and add the WISdom redirect URIs to the application.
  • Configure the application to trust WISdom.

Authentication Flow

During configuration, select either the Authorization Code or PKCE tab in the Connect SSO wizard.

Authorization Code — A standard OAuth/OIDC flow that exchanges an authorization code for tokens using a client ID and client secret. The identity provider validates the client secret server-side before issuing tokens.

Authorization Code with PKCE — An extension of the Authorization Code flow that replaces the client secret with a dynamically generated code verifier and code challenge. The identity provider validates the code challenge instead of a static secret, which eliminates the need to store or transmit a client secret.

The table below shows the required fields for each flow in the Connect SSO wizard.

Field Authorization Code PKCE
Name Required Required
Issuer Required Required
Audience Optional Optional
Authentication Client ID Required Required
Authentication Client Secret Required Not required
Authentication Endpoint Required Required
Token Endpoint Required Required
Public Key Endpoint Required Required
Logout Endpoint Optional Optional

Testing Your SSO Configuration

Administrators must test the SSO configuration before it can be applied to all user accounts. A Test Connection button on the second page of the configuration wizard validates the setup by connecting to the configured authentication endpoint.

Saving Your SSO Configuration

Important

When an SSO configuration is saved, all user accounts are updated to authenticate through the configured identity provider. Users who should not use SSO, such as consultants or MSP accounts, will need to be updated after saving. Contact Fortified WISdom Support with the account information for any accounts that need to be reset to standard authentication.

User Access

Once SSO is configured, users log in using their organization credentials from the WISdom login page. Credential authentication shifts from Fortified's Auth0 to your configured identity provider domain.

Error Handling

WISdom provides detailed error messages for SSO issues, including error codes to help with efficient troubleshooting.

For setup guidance specific to your identity provider, see:

For official identity provider documentation:

For assistance with SSO removal or configuration issues, contact Fortified WISdom Support.