Docs

Search

Sign In

Home
Essential Knowledge
By Type
Building Blocks
APIs
Releases

SSO

Essential knowledge

Author:

Fluent Commerce staff

Changed on:

13 May 2024

Overview

This guide helps to select correct IDP configuration and plan SSO implementation.

Key points

SSO is only supported by the OMX framework
All API users will be stored in Fluent IdP and cannot be stored in Corporate IdP as it’s not an individual user and has a separate machine-to-machine authentication flowSSO/Ping Identity Environment

Prerequisite

SSO is only supported by the OMX framework.

API Users Overview

All API users will be stored in Fluent IdP and cannot be stored in Corporate IdP as it’s not an individual user and has a separate machine-to-machine authentication flow. API users can be created via API as per current implementation. All details provided for API Users will be stored in the SSO vendor environment.

SSO/Ping Identity Environment

SSO will be enabled for each Fluent account and the corresponding SSO Ping Identity environment will also be created. SSO enablement requests can be made via SRE or Success teams. You will need to provide details of the admin user who will be managing the SSO vendor environment.

SSO vendor environment setup will be done by the SRE team and the following changes will be introduced:

The admin user is created and provided the required permissions.
Authentication and password policies are set up. By default, the password policy is not configured strictly and has everything disabled. It all can be changed later.
Fluent Branding is enabled
Fluent OMX applications are enabled.
User and API authentication flows are added.

Once SSO Environment access is granted, then all configurations can be introduced by the client's IT Team or an Administrator directly in the SSO environment.

Config Guide

SSO Enablement Process

SSO Environment Admin Users

Admin users will have the following permission in the SSO vendor environment:

Add integrations to Corporate IdP via SAML and Open ID Connect.
Enable or Disable Fluent Users.
Enable MFA
Change Password Policies
Change Environment Branding.

Note:

All Fluent Users need to be created in the Fluent application independently from what IdP type you select. There are no changes introduced to the way users are currently created, either APIs or Admin section in Fluent Console (Fluent OMS) can be used.

If you need to create an additional SSO vendor environment admin, follow the next guides:

Password Policy Configuration

Passwords policies are applicable for both IdP types: Corporate IdP and Fluent IdP.

For Corporate IdP cases, password policies will be used only for API users
For Fluent IdP they will be applied to all users.

Note:

Default password policy has every item disabled to make sure that login will flow will work as expected after user migration for Fluent IdP users. If the password policy is changed, then users will require to change the password on their first login.

Password policies are configured once per the SSO vendor environment.

Refer the following links to learn more about password policies:

Login Page Branding

SSO vendor environment support branding for a login page. This is only applicable to users with Fluent IdP. Corporate IdP users will be redirected to their own login page during authentication.

By default Fluent branding is provided but can be changed.

Branding and themes

Editing environment branding

Fluent Commerce staff

Copyright © 2024 Fluent Retail Pty Ltd (trading as Fluent Commerce). All rights reserved. No materials on this docs.fluentcommerce.com site may be used in any way and/or for any purpose without prior written authorisation from Fluent Commerce. Current customers and partners shall use these materials strictly in accordance with the terms and conditions of their written agreements with Fluent Commerce or its affiliates.

SSO

Overview

Key points

Prerequisite

API Users Overview

SSO/Ping Identity Environment

Config Guide

Fluent Commerce staff

Building Blocks

By Type

Legal Resources