FAQ - Single-Sign-On (SSO)
Updated
by
Steve Corbesero
SiteWorx supports SAML Single Sign-On (SSO) using both Identity Provider and Service Provider initiated flows. There are a few steps that both you & SiteWorx Support need to go through to enable SSO for your SiteWorx instance.
- Within your Identity Provider (IdP), set up the following:
Assertion Attributes:
phone_number_verified, locale and siteworx) must have lowercase values that match the values noted below.Field | Required | Example |
YES | “JohnDoe@example.com” | |
first_name | NO | “John” |
last_name | NO | “Doe” |
phone | NO | |
phone_country_code | NO | “1” |
phone_number_verified | NO | “true”, “false” |
locale | NO | “en”, “de”, “es”, “fr” |
siteworx | YES | “user”, “admin” (org admin), “” (not approved for SiteWorx) |
ACS: https://<organization>-backend.siteworx.io/api/v1/sso/saml2/organizations/<organization>/callback
SP Entity ID: https://<organization>-backend.siteworx.io
Using https://acmecorporation.siteworx.io as an example, the ACS would be
https://acmecorporation-backend.siteworx.io/api/v1/sso/saml2/organizations/acmecorporation/callback and the SP Entity ID would be https://acmecorporation-backend.siteworx.io.- After the IdP is configured, send a metadata.xml file or metadata URL to SiteWorxOps@siteworx.io with relevant information about your SiteWorx account (such as company name and organization).
Other FAQs
Does SiteWorx support granular user permissions restricting user access to specific sites?
Yes, granular user permissions can be accomplished using the siteworx assertion attribute. Please contact SiteWorxOps@siteworx.io for guidance on granular user permissions.
My organization uses a different authorization protocol. Does SiteWorx support it?
Currently, SiteWorx supports SAML and OIDC SSO; please contact SiteWorxOps@siteworx.io to explore alternative authorization protocols.
Does SiteWorx support Single Log-Out?
SiteWorx can support Single Log-Out (SLO) upon request.
