Configuring SSO with Generic SAML/OIDC Providers

This guide covers setting up SSO with identity providers not specifically covered in our other guides, including Auth0, OneLogin, Ping Identity, JumpCloud, Duo, and Salesforce.

Prerequisites

  • Admin access to your identity provider
  • Completed Step 1 from the main SSO setup guide
  • Your Fluint URLs:
    • Callback URL: https://app.fluint.io/auth/sso-callback
    • Entity ID: https://app.fluint.io

Generic SAML Configuration

Use these standard values when configuring any SAML-compliant identity provider:

Required SAML Settings

  • SP-initiated SSO URL: https://app.fluint.io/auth/sso-callback
  • SP Entity ID: https://app.fluint.io
  • Assertion Consumer Service URL: https://app.fluint.io/auth/sso-callback
  • Recipient URL: https://app.fluint.io/auth/sso-callback
  • Destination URL: https://app.fluint.io/auth/sso-callback
  • Audience: https://app.fluint.io

Additional SAML Settings

  • NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  • NameID Value: User's email address
  • Binding: HTTP-POST
  • Signature Algorithm: RSA-SHA256 (recommended)
  • Digest Algorithm: SHA256 (recommended)

Required Attributes

Configure these user attributes to be sent in the SAML assertion:

Attribute Name   Required   Source Field           Description
email            ✅ Yes     User's email address   Primary identifier
first_name       Optional   User's first name      Display name
last_name        Optional   User's last name       Display name

Information Needed from Your IdP

After configuring your identity provider, you'll need these values for Fluint:

  • IdP SSO URL (Sign-on URL/Single Sign-On URL)
  • IdP Entity ID (Identity Provider Issuer)
  • X.509 Certificate (Signing certificate in PEM format)

Generic OIDC Configuration

Use these standard values for any OpenID Connect-compliant identity provider:

Required OIDC Settings

  • Redirect URI: https://app.fluint.io/auth/sso-callback
  • Post Logout Redirect URI: https://app.fluint.io/logout
  • Response Type: code
  • Grant Type: authorization_code
  • Scopes: openid profile email

Information Needed from Your IdP

After configuring your identity provider, you'll need these values:

  • Client ID
  • Client Secret
  • Issuer URL (Discovery endpoint base URL)
  • Authorization URL (Authorization endpoint)
  • Token URL (Token endpoint)
  • UserInfo URL (UserInfo endpoint)

Provider-Specific Quick References

Auth0

  • Application Type: Regular Web Application
  • Allowed Callback URLs: https://app.fluint.io/auth/sso-callback
  • Allowed Logout URLs: https://app.fluint.io/logout

OIDC Endpoints:

  • Issuer: https://your-domain.auth0.com/
  • Authorization: https://your-domain.auth0.com/authorize
  • Token: https://your-domain.auth0.com/oauth/token
  • UserInfo: https://your-domain.auth0.com/userinfo

OneLogin

SAML Configuration:

  • Access via Applications > Applications > Add App
  • Search for "SAML Test Connector" or create custom SAML app
  • Use the standard SAML settings above

OIDC Configuration:

  • Application Type: Web
  • Use standard OIDC settings above

Ping Identity (PingOne/PingFederate)

SAML Configuration:

  • Create new SAML application
  • Configure as Service Provider (SP)
  • Use standard SAML settings above

OIDC Configuration:

  • Application Type: Web App
  • Grant Types: Authorization Code
  • Use standard OIDC settings above

JumpCloud

SAML Configuration:

  • Go to SSO > + (Add New Application)
  • Select Custom SAML App
  • Use standard SAML settings above

Attribute Mapping:

  • email → email
  • firstname → first_name
  • lastname → last_name

Duo (SAML Only)

Application Type: Generic Service Provider

Configuration:

  • Use standard SAML settings above
  • Ensure users are assigned to the application
  • Configure attribute mapping for email

Salesforce (SAML Only)

Connected App Configuration:

  • Go to Setup > App Manager > New Connected App
  • Enable SAML
  • Entity ID: https://app.fluint.io
  • ACS URL: https://app.fluint.io/auth/sso-callback

Complete Setup in Fluint

For SAML Providers

In your Fluint SSO connection, enter:

  • IdP SSO URL: The sign-on URL from your provider
  • IdP Entity ID: The entity ID/issuer from your provider
  • X.509 Certificate: The signing certificate (include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- headers)

For OIDC Providers

In your Fluint SSO connection, enter:

  • Client ID: From your provider
  • Client Secret: From your provider
  • Issuer URL: The base discovery URL
  • Authorization URL: The authorization endpoint
  • Token URL: The token endpoint
  • UserInfo URL: The userinfo endpoint

Testing Your Configuration

  1. Follow the testing steps from the main guide
  2. Verify users are redirected to your identity provider
  3. Check that the email attribute is properly received
  4. Confirm successful authentication returns users to Fluint

Common Configuration Issues

SAML Issues:

  • Certificate format: Ensure certificate includes proper headers and no extra spaces
  • URL mismatches: Verify all URLs exactly match (case-sensitive)
  • Attribute mapping: Confirm email attribute is configured and sent
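
To find which of these mismatches is present, the following added example (not Fluint's own code) compares a base64-decoded SAML 2.0 response, captured from a test login against your own IdP, with the SAML settings listed in this guide. The sample response is constructed, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Expected values are the ones this guide lists for Fluint.
ACS = "https://app.fluint.io/auth/sso-callback"
ENTITY_ID = "https://app.fluint.io"
NAMEID_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (decoded, unsigned) with a deliberate Audience
# mismatch: a trailing slash on the entity ID.
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" Destination="{ACS}">
 <a:Assertion>
  <a:Subject>
   <a:NameID Format="{NAMEID_FMT}">user@example.com</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{ACS}"/></a:SubjectConfirmation>
  </a:Subject>
  <a:Conditions><a:AudienceRestriction>
   <a:Audience>https://app.fluint.io/</a:Audience>
  </a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement>
   <a:Attribute Name="email"><a:AttributeValue>user@example.com</a:AttributeValue></a:Attribute>
  </a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

def check_saml_response(xml_text):
    """Debugging aid: list mismatches against this guide's settings.
    It does not verify the XML signature and is not a trust decision."""
    root = ET.fromstring(xml_text)
    problems = []
    def expect(label, actual, wanted):
        if actual != wanted:  # exact, case-sensitive comparison
            problems.append(f"{label}: got {actual!r}, expected {wanted!r}")
    nameid = root.find(".//a:NameID", NS)
    conf = root.find(".//a:SubjectConfirmationData", NS)
    aud = root.find(".//a:Audience", NS)
    expect("Destination", root.get("Destination"), ACS)
    expect("Recipient", conf.get("Recipient") if conf is not None else None, ACS)
    expect("Audience", aud.text.strip() if aud is not None and aud.text else None, ENTITY_ID)
    expect("NameID Format", nameid.get("Format") if nameid is not None else None, NAMEID_FMT)
    names = {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}
    if "email" not in names:
        problems.append("Attribute 'email' missing from AttributeStatement")
    return problems

if __name__ == "__main__":
    for problem in check_saml_response(SAMPLE):
        print(problem)
```
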

OIDC Issues:

  • Redirect URI: Must exactly match https://app.fluint.io/auth/sso-callback
  • Scopes: Ensure openid profile email scopes are requested
  • Client credentials: Verify Client ID and Secret are correct
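
The OIDC values can be checked the same way before they are entered. This added example (not Fluint's own code) compares an IdP's OpenID Connect discovery document with the OIDC settings in this guide; the IdP host `idp.example.com`, the sample document and the function name are constructed for illustration.

```python
import json

REDIRECT_URI = "https://app.fluint.io/auth/sso-callback"  # from this guide
REQUIRED_SCOPES = {"openid", "profile", "email"}          # from this guide

# Constructed discovery document for a hypothetical IdP. It has two
# deliberate faults: a plain-http UserInfo URL and no "profile" scope.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.com/",
  "authorization_endpoint": "https://idp.example.com/authorize",
  "token_endpoint": "https://idp.example.com/oauth/token",
  "userinfo_endpoint": "http://idp.example.com/userinfo",
  "response_types_supported": ["code", "id_token"],
  "grant_types_supported": ["authorization_code"],
  "scopes_supported": ["openid", "email"]
}""")

def check_oidc_config(doc, issuer_entered, redirect_registered):
    """Return a list of problems with the values about to be configured."""
    problems = []
    # The issuer is compared as an exact string, so a missing or extra
    # trailing slash counts as a mismatch.
    if doc.get("issuer") != issuer_entered:
        problems.append(f"issuer: IdP says {doc.get('issuer')!r}, entered {issuer_entered!r}")
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint"):
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append(f"{key}: missing or not https ({doc.get(key)!r})")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not supported")
    # grant_types_supported is optional; this is its default per the spec.
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("grant type 'authorization_code' not supported")
    # scopes_supported is optional; skip the check when the IdP omits it.
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", REQUIRED_SCOPES))
    if missing:
        problems.append(f"scopes not advertised: {sorted(missing)}")
    if redirect_registered != REDIRECT_URI:
        problems.append(f"redirect URI {redirect_registered!r} != {REDIRECT_URI!r}")
    return problems

if __name__ == "__main__":
    # Issuer typed without its trailing slash, redirect URI with an extra one.
    for p in check_oidc_config(SAMPLE_DISCOVERY, "https://idp.example.com", REDIRECT_URI + "/"):
        print(p)
```
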

Need Help?

If your identity provider isn't working with these generic instructions:

  1. Check your provider's documentation for SAML/OIDC configuration
  2. Verify all URLs and credentials are entered correctly
  3. Review error messages in both systems

Next Steps