Single Sign-On (SSO)

Overview

WISdom supports Single Sign-On (SSO) using OIDC-compliant identity providers. Administrators configure SSO through the Admin Console under Integrations. WISdom supports two OAuth/OIDC authentication flows: Authorization Code and Authorization Code with PKCE (Proof Key for Code Exchange). The flow is selected during SSO configuration. Key aspects of SSO setup include:

  1. Configuration Process

    • Create an OIDC-compliant application within your identity provider (e.g., Microsoft Entra, Okta).
    • Generate client credentials and whitelist the WISdom redirect URLs.
    • Configure the application to trust WISdom.
  2. Authentication Flow

    • During configuration, select either the Authorization Code or PKCE tab in the Connect SSO wizard.
    • Authorization Code — A standard OAuth/OIDC flow that exchanges an authorization code for tokens using a client ID and client secret. The identity provider validates the client secret server-side before issuing tokens.
    • Authorization Code with PKCE — An extension of the Authorization Code flow that replaces the client secret with a dynamically generated code verifier and code challenge. The identity provider validates the code challenge instead of a static secret, which eliminates the need to store or transmit a client secret.

    The table below shows the required fields for each flow in the Connect SSO wizard.

    Field                          Authorization Code   PKCE
    Name                           Required             Required
    Issuer                         Required             Required
    Audience                       Optional             Optional
    Authentication Client ID       Required             Required
    Authentication Client Secret   Required             Not required
    Authentication Endpoint        Required             Required
    Token Endpoint                 Required             Required
    Public Key Endpoint            Required             Required
    Logout Endpoint                Optional             Optional
  3. Testing Your SSO Configuration

    • Administrators can test the SSO configuration before applying it to all user accounts.
    • A Test Connection button on the second page of the configuration wizard validates the setup by connecting to the configured authentication endpoint.
  4. User Access

    • Once SSO is configured, users log in using their organization credentials from the WISdom login page.
    • Credential authentication shifts from Fortified's Auth0 to your configured identity provider domain.
  5. Error Handling

    • WISdom provides detailed error messages for SSO issues, including error codes to help with efficient troubleshooting.
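
The difference between the two flows under Authentication Flow, as an added example that is not WISdom's or any identity provider's code: it builds the token request for each flow and performs the S256 code-challenge check from RFC 7636 the way an identity provider would. The function names, the sample client values, and sending the client secret as a form field are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re
import secrets
from typing import Optional

# RFC 7636 section 4.1: a code verifier is 43-128 unreserved characters.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_verifier() -> str:
    """Client side: a fresh high-entropy code verifier for each login attempt."""
    return b64url(secrets.token_bytes(32))  # 32 random bytes -> 43 characters


def s256_challenge(verifier: str) -> str:
    """Client side: the code_challenge sent with the authorization request."""
    if not VERIFIER_RE.fullmatch(verifier):
        raise ValueError("code_verifier must be 43-128 unreserved characters")
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def token_request(code: str, client_id: str, redirect_uri: str, *,
                  client_secret: Optional[str] = None,
                  code_verifier: Optional[str] = None) -> dict:
    """Token endpoint form fields; the proof is the secret or the verifier."""
    if (client_secret is None) == (code_verifier is None):
        raise ValueError("supply exactly one of client_secret or code_verifier")
    body = {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "redirect_uri": redirect_uri}
    if client_secret is not None:
        body["client_secret"] = client_secret  # Authorization Code flow
    else:
        body["code_verifier"] = code_verifier  # PKCE: no static secret sent
    return body


def idp_accepts(stored_challenge: str, body: dict) -> bool:
    """IdP side: rebuild the challenge from the verifier, constant-time compare."""
    verifier = body.get("code_verifier", "")
    if not VERIFIER_RE.fullmatch(verifier):
        return False
    return hmac.compare_digest(s256_challenge(verifier), stored_challenge)
```

The challenge is stored by the identity provider when the login starts, so an intercepted authorization code cannot be redeemed without the verifier that only the originating client holds.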

For setup guidance specific to your identity provider, see:

For assistance with SSO removal or configuration issues, contact Fortified WISdom Support.