SSO

Home
Essential Knowledge
By Type
Building Blocks
APIs
Releases

Essential knowledge

Author:

Fluent Commerce

Changed on:

19 Dec 2024

Overview

This guide helps to select correct IDP configuration and plan SSO implementation.

Key points

SSO is only supported by the OMX framework
All API users will be stored in Fluent IdP and cannot be stored in Corporate IdP as it’s not an individual user and has a separate machine-to-machine authentication flowSSO/Ping Identity Environment

Prerequisite

SSO is only supported by the OMX framework.

API Users Overview

All API users will be stored in Fluent IdP and cannot be stored in Corporate IdP as it’s not an individual user and has a separate machine-to-machine authentication flow. API users can be created via API as per current implementation. All details provided for API Users will be stored in the SSO vendor environment.

SSO/Ping Identity Environment

SSO will be enabled for each Fluent account and the corresponding SSO Ping Identity environment will also be created. SSO enablement requests can be made via SRE or Success teams. You will need to provide details of the admin user who will be managing the SSO vendor environment.

SSO vendor environment setup will be done by the SRE team and the following changes will be introduced:

The admin user is created and provided the required permissions.
Authentication and password policies are set up. By default, the password policy is not configured strictly and has everything disabled. It all can be changed later.
Fluent Branding is enabled
Fluent OMX applications are enabled.
User and API authentication flows are added.

Once SSO Environment access is granted, then all configurations can be introduced by the client's IT Team or an Administrator directly in the SSO environment.

Access Restriction Notice

ADMIN and API user accounts can no longer log in to the OMS front-end interface.

Config Guide

SSO Enablement Process

SSO Environment Admin Users

Admin users will have the following permission in the SSO vendor environment:

Add integrations to Corporate IdP via SAML and Open ID Connect.
Enable or Disable Fluent Users.
Enable MFA
Change Password Policies
Change Environment Branding.

Note:

All Fluent Users need to be created in the Fluent application independently from what IdP type you select. There are no changes introduced to the way users are currently created, either APIs or Admin section in Fluent Console (Fluent OMS) can be used.

If you need to create an additional SSO vendor environment admin, follow the next guides:

Password Policy Configuration

Passwords policies are applicable for both IdP types: Corporate IdP and Fluent IdP.

For Corporate IdP cases, password policies will be used only for API users
For Fluent IdP they will be applied to all users.

Note:

Default password policy has every item disabled to make sure that login will flow will work as expected after user migration for Fluent IdP users. If the password policy is changed, then users will require to change the password on their first login.

Password policies are configured once per the SSO vendor environment.

Refer the following links to learn more about password policies:

SSO vendor environment support branding for a login page. This is only applicable to users with Fluent IdP. Corporate IdP users will be redirected to their own login page during authentication.

By default Fluent branding is provided but can be changed.

Branding and themes

Editing environment branding

SSO

Overview

Key points

Prerequisite

API Users Overview

SSO/Ping Identity Environment

Config Guide

Fluent Commerce

Building Blocks

By Type

Helpful Resources

Quick Links