Single Sign-On (SSO) Setup

PreviousOnboarding New Users to Your Finout Account NextEnterprise Discount Program (EDP)

Last updated 1 month ago

Single Sign-On (SSO) Setup

SSO Overview

Single Sign-On (SSO) setup simplifies user authentication and access management across multiple applications within an organization. It allows users to securely authenticate once and access various services without having to re-enter credentials. Integrating your SSO providers with Finout enhances security and streamlines administration by reducing the risk of credential-based attacks.

Connect Your SSO Providers to Finout

Follow this procedure to integrate your SSO provers with Finout.

To connect SSO providers to Finout:

In Finout, navigate to the Admin Portal.
In the Admin Portal navigation bar, click SSO.
Click on Setup SSO connection. The Setup SSO connection appears.

Select the SSO provider with which you wish to connect with Finout.
Note: It is recommended to choose the SAML integration.
Follow the onscreen instructions for the chosen SSO provider. You are redirected to the Self-service SAML configuration/SSO configuration.
Enter a Domain Name and click Proceed.
Note: The domain must be claimed by copying the TXT record and applying it to your DNS provider.
The Record Name and Record Value appear.
Copy this data and add it to a new TXT record in your DNS file, then click Proceed. You are brought to the Manage Authorization step.
Assign default roles to all SSO users by adding one or more account roles from your list of predefined roles.
You can optionally map your IdP groups to roles available in the application.
Note: Ensure that your IdP passes the groups attribute that is sent in the SAML Assertion.
Click Done and save the connection.
Login into Finout using the SSO to ensure that it is enabled.

FAQs

If a user has the following groups:

Group A in Active Directory: Connected to Group 1 in Finout.
Group B in Active Directory: Connected to Group 2 in Finout.

What permissions will the user have if they are moved from Group A to Group B?

The user will have access to both Group 1 and Group 2 in Finout. To remove access to Group A, you must remove it from Group A in Finout.

What happens if a user is part of an Active Directory group and belongs to another group in Finout?

The user will have access to both groups in Finout. This access will be effective immediately upon the next login.

If a user belongs to multiple SAML groups with corresponding groups in Finout, will Finout assign the user to all these matching groups?

Yes, if a user belongs to multiple SAML groups with corresponding groups in Finout, Finout will assign the user to all of these matching groups.

Does Finout support re-evaluating user group memberships upon every SAML login?

No, group provisioning happens only when the user onboards Finout. Then, they need to manage the groups in the admin portal and Finout groups settings.