WISdom supports Single Sign-On (SSO) using OIDC-compliant identity providers. Administrators configure SSO through the Admin Console › Integration page. WISdom supports two OAuth/OIDC authentication flows: Authorization Code and Authorization Code with PKCE (Proof Key for Code Exchange). The flow is selected during SSO configuration.
Configuration Process
- Create an OIDC-compliant application within your identity provider (e.g., Microsoft Entra, Okta).
- Generate client credentials and add the WISdom redirect URIs to the application.
- Configure the application to trust WISdom.
Authentication Flow
During configuration, select either the Authorization Code or PKCE tab in the Connect SSO wizard.
Authorization Code — A standard OAuth/OIDC flow that exchanges an authorization code for tokens using a client ID and client secret. The identity provider validates the client secret server-side before issuing tokens.
Authorization Code with PKCE — An extension of the Authorization Code flow that replaces the client secret with a dynamically generated code verifier and code challenge. The client sends the code challenge with the authorization request and the code verifier with the token request. The identity provider checks that the verifier matches the challenge instead of validating a static secret, which eliminates the need to store or transmit a client secret.
The table below shows the required fields for each flow in the Connect SSO wizard.
| Field | Authorization Code | PKCE |
|---|---|---|
| Name | Required | Required |
| Issuer | Required | Required |
| Audience | Optional | Optional |
| Authentication Client ID | Required | Required |
| Authentication Client Secret | Required | Not required |
| Authentication Endpoint | Required | Required |
| Token Endpoint | Required | Required |
| Public Key Endpoint | Required | Required |
| Logout Endpoint | Optional | Optional |
Testing Your SSO Configuration
Administrators must test the SSO configuration before it can be applied to all user accounts. A Test Connection button on the second page of the configuration wizard validates the setup by connecting to the configured authentication endpoint.
Saving Your SSO Configuration
When an SSO configuration is saved, all user accounts are updated to authenticate through the configured identity provider. Users who should not use SSO, such as consultants or MSP accounts, will need to be updated after saving. Contact Fortified WISdom Support with the account information for any accounts that need to be reset to standard authentication.
User Access
Once SSO is configured, users log in using their organization credentials from the WISdom login page. Credential authentication shifts from Fortified's Auth0 to your configured identity provider domain.
Error Handling
WISdom provides detailed error messages for SSO issues, including error codes to help with efficient troubleshooting.
For setup guidance specific to your identity provider, see:
For official identity provider documentation:
- Microsoft Entra — Register an application
- Okta — Authorization Code flow
- Okta — Authorization Code with PKCE flow
For assistance with SSO removal or configuration issues, contact Fortified WISdom Support.