Authentication and Single sign-on (SSO)
Author: Fluent Commerce
Changed on: 19 Dec 2024
Overview
This guide helps you select the correct IdP configuration and plan your SSO implementation.
Key points
- Single sign-on (SSO) is exclusive to the OMX framework, and API users are managed in Fluent IdP, not Corporate IdP, with creation possible through API.
- SSO, enabled for each Fluent account, involves creating a corresponding SSO Ping Identity environment managed by the SRE team, covering admin user setup, password policy configuration, branding, and application enablement.
- SSO Environment Admin Users, Fluent IdP Configuration, Password Policy, and other guides provide comprehensive details for SSO enablement, Corporate IdP integration, user management, authentication policies, multi-factor authentication, and configurations with Azure AD and Okta.
Prerequisite
Single sign-on (SSO) is only supported by the OMX framework.
API Users Overview
All API users are stored in Fluent IdP. They cannot be stored in Corporate IdP, because an API user is not an individual user and uses a separate machine-to-machine authentication flow. API users can be created via API, as in the current implementation. All details provided for API users are stored in the SSO vendor environment.
SSO/Ping Identity Environment
SSO will be enabled for each Fluent account, and the corresponding SSO Ping Identity environment will also be created. SSO enablement requests can be made via SRE or Success teams. You must provide details of the admin user managing the SSO vendor environment.
SSO vendor environment setup will be done by the SRE team, and the following changes will be introduced:
- The admin user is created and provided the required permissions.
- Authentication and password policies are set up. By default, the password policy is not strict: everything in it is disabled. All of this can be changed later.
- Fluent Branding is enabled.
- Fluent OMX applications are enabled.
- User and API authentication flows are added.
Once SSO Environment access is granted, all configurations can be introduced by the client's IT Team or an Administrator directly in the SSO environment.
SSO Environment Admin Users
Fluent Identity Provider (IdP) Configuration
Password Policy Configuration
Login Page Branding
How SSO Affects User Authentication
When Single Sign-On (SSO) is enabled, user authentication is handled by an external Identity Provider (IdP), which manages user credentials and authentication processes. This means that authentication requests bypass `client_secret`
The typical flow involves the user initiating a login request, which is then redirected to the IdP. The IdP verifies the user’s credentials, and upon successful authentication, returns a token to the application, allowing the user access to the system.
Guides
- SSO Enablement Process
- Corporate IdP Integration
- User Onboarding and Offboarding
- User Management
- Authentication Policies Configuration
- Multi-Factor Authentication (MFA) Configuration
- SSO: Configure Azure AD Connection via SAML
- SSO: Configure Azure AD Connection via OIDC
- SSO: Configure Google Workspace Connection via SAML
- SSO: Configure JumpCloud Connection via SAML
- SSO: Configure Okta Connection via SAML
- Auditing