SSO (single sign-on)

With SSO (single sign-on), you can easily log in to Fairmarkit with the same credentials you use for other systems within your organization or through a third-party identity provider. Fairmarkit supports Identity Provider-initiated (IdP) and Service Provider-initiated (SP) SSO process flows.

What types of sign-on are supported?

Identity provider-initiated (IdP) SSO

With Identity Provider-initiated (IdP) Single Sign-On (SSO), you log in to your Identity Provider's (IdP) page and select Fairmarkit. Your IdP checks your credentials and then sends a special pass, called a SAML assertion, to Fairmarkit. Once verified, you're logged into Fairmarkit.

Service provider-initiated (SP) SSO

With Service Provider-initiated (SP) Single Sign-On (SSO), you access Fairmarkit directly, and Fairmarkit verifies your credentials with your Identity Provider (IdP) before logging you in.

Manual sign-on

With manual sign-on, you use your email and password to sign in to Fairmarkit via basic authentication.

What information do I need to provide?

When getting started, you'll work with Fairmarkit to set up SSO. As part of this process, Fairmarkit will send you an SSO form to complete and ask a few questions about which configurations to enable. This information is necessary to set up SSO.

Information

On the SSO form, you’ll need to indicate the SAML payload attributes that will store the following user details:

• Email address

• First Name

• Last Name

• Customer XML SAML Metadata File

SSO configurations

Select if you want the following configurations enabled:

Just-in-time (JIT) provisioning

Just-in-time provisioning creates a Fairmarkit user account when a user accesses Fairmarkit for the first time via SSO. Your organization can select a default Fairmarkit user role to assign to new users created via this method.

If this is disabled, users will not be able to access Fairmarkit via SSO unless their account is manually created in the platform first.

Manual sign-on

With manual sign-on enabled, users can use their email and password to sign on to Fairmarkit via basic authentication.

If this is disabled, you will also need to provide a list of all email domains that should not be able to sign on manually. Users with specified email domains cannot log onto the platform via basic authentication, forcing them to use SSO.

What to expect

After providing your information to Fairmarkit, the following happens:

• Staging setup: Fairmarkit will setup SSO in your Staging environment.

• Testing: You will need to test and confirm that Staging is working as expected and let Fairmarkit know.

• Live setup: Fairmarkit will setup SSO in your live Production environment.