Skip to main content

How to Set Up Single Sign-On (SSO)

Updated this week

Overview

We encourage all customers to integrate with our platform using a single sign-on (SSO). There are two main ways SSO can be set up:

  1. SP initiated: The user goes to the FundApps login page, enters his/her email, and gets redirected to the Identity Provider for authentication. This requires users to type in email but no password.

  2. IDP Initiated: The user goes to their SSO first and chooses the link to FundApps to login

This article has two sets of steps to follow - pick the set of steps based on your identity provider. Follow the General Steps for any identity provider other than ADFS. Follow the ADFS-specific steps if you are using ADFS as your identity provider.

Technical Notes Before Beginning

  • FundApps supports both IdP-initiated and SP-initiated sign-in.

  • Accounts are matched using an email address.

  • Provisioning of accounts (including allocation of user roles) is performed manually within FundApps itself.

  • SAML requests must be signed with SHA256 (both the digest and the signature).

Which Single Sign-On Connections Are Supported?

FundApps supports five types of Single Sign-On:

  1. OKTA

  2. Azure AD Web Application

  3. AzureAD SAML 2.0

  4. SAML 2.0

  5. ADFS

Where Can I Configure Single Sign-On?

Log in to your FundApps platform and navigate to the Administration (πŸ› οΈ) icon, click on the Setup drop-down list, and select SSO.

Note: Users who previously had two-factor authentication will have this functionality bypassed. For an additional layer of security, customers are encouraged to contact their security team to enable Multi-Factor Authentication (MFA) via their specific provider.

Where Can I Find Help on How to Configure Single Sign-On?

Please refer to the relevant page below for instructions on setting up your Single Sign-On connection.

How Do I Make Sure My New SSO Connection Works?

Once a new SSO connection has been set up, it can be tested by pressing the Try button.

SSO_status.png

You will be taken to your IDP and asked for your credentials. Upon entering your credentials, one of the following things will happen:

  • If everything has been set up correctly both in FundApps and in your IDP, you will see a success message.

  • If anything is incorrect on the IDP side, you will see an error message from your IDP.

  • If anything is incorrect on the FundApps side, you will see an error message coming from the auth.fundapps.co domain.

Once the connection has been set up successfully, you will see a new button on the FundApps login page that can be used to log in with SSO. See the example below.

SSO_login.PNG

How Do I Make Single Sign-On Mandatory?

Follow the instructions laid out in this article, Configuring Mandatory Single Sign-On.

Related Articles
FundApps SSO Connection - Azure AD SAML 2.0
FundApps SSO Connection - ADFS
FundApps SSO Connection - Okta
FundApps SSO Connection - Azure AD
FundApps SSO Connection - SAML 2.0
Did this answer your question?