SSO Setup

WriteBackExtreme supports Single Sign-On through SAML. Any provider supporting SAML is supported by WriteBackExtreme. We have made some examples of the major SSO providers (Azure, Okta, Ping) which you can use to derive the configuration for your SSO Provider.

What is needed for a SSO Setup

• Create an app in your identity provider

  • Assign the users and groups

  • Set Reply URL's

  • Set Attributes

• Add the following information from the app in your identity provider to WriteBackExtreme:

  • SP Entity ID, Entity ID, Login URL, iDP Certificate

Step-by-step instructions

1. Make sure you have a SSO provider like Okta, Azure, Ping, Google or other.

2. Create a new app in your Identity Provider.

3. Assign users and groups to the app.

4. Generate a SP Entity ID and fill it in your app. Note that this should not contain special characters. Remember the value, you will need it in step 9.

5. Set Reply URLs. Copy the Reply URLs from the Management Console.
6. Set the Sign On URL This is https://yourwritebackapp.com/backend/login (Also called Assertion Consumer Service URL).

7. Set the Attributes similar to the image below.
8. Your app is ready to use.

9. Copy the SP Entity ID from step 4 and paste it in SP Entity ID field. (Azure: Identifier, Okta: Audience URI)

10. Copy the IdP Entity ID from the app and paste it in IdP Entity ID field. (Azure: Microsoft Entra Identifier, Okta: Identity Provider Issuer).

11. Copy the Login URL from the app and paste it in Login URL field. (Azure: Login URL, Okta: Identity Provider Single Sign-On URL).

12. Copy certificate (X.509) from the app to IdP certificate field.

13. Click the test SAML/SSO Button.

14. If SSO is successful click on Apply Config.

15. Click on Save (Top of page).

Example SSO configuration: For security reasons the strings are partially blanked.