Single Sign-On

What is it?

Single sign-on (SSO) is an authentication method that allows a user to securely log in with a single set of credentials to several platforms, applications, or services.

In this case, Whisbi offers the possibility for its clients to allow their users to log in with their company credentials, without sharing that information with our system.

What can you do with it?

You can use your already existing company e-mail to seamlessly log in throughout the Whisbi Agent experience.

Requirements

The client must have their own authentication provider based on OpenID Connect (OIDC). Whisbi does not provide an authentication provider for this purpose. Currently Whisbi only supports OIDC.

Whisbi has to be able to discover and communicate with the authentication provider. For this, the authentication provider must be accessible from outside the company’s network via URL (known as discoveryUrl, and commonly following the pattern .../.well-known//openid-configuration), and the company must create or configure a client within their authentication provider and get a clientId and clientSecret pair keys.

The client must include a list of authorized callback URLs to send the response on the user authentication attempt. It is mandatory that the following URL is included in the configuration: https://[<region>-]api.whisbi.com/api/auth/sso/cb

How to get started?

To access your SSO settings on Backstage, navigate to the Service Configuration section and click on the settings tab as shown here. You will notice that the SSO option is disabled by default.

When clicking on Enable SSO toggle, the SSO options form appears:

The meaning of each button is following:

  • Enable SSO: whether or not customer activated SSO.
  • Login only with SSO: in case SSO is enabled, whether or not is it the only login option or can users still log in with email and password.
  • Name: a name for the configuration, which will appear in the SSO button when authenticating if SSO is not forced (Login only with SSO=enabled).
  • Discovery URL: public endpoint through which to fetch the authentication provider information. This information will be fetched by the Whisbi system to configure the OIDC client to perform requests.
  • Client ID: the ID/name of the client created or configured for Whisbi
  • Client Secret: the secret key for Whisbi systems to be authorised by the authentication providers with the given client ID.

The customer can delete all the configuration details at any moment by clicking the “Delete configuration” button.

Note that currently, this configuration is manageable only by Whisbi or Brand Administrators.