Skip to main content

Overview

Single Sign-On (SSO) allows your team to access Wolfia using your organization’s identity provider (IdP) like Okta, Azure AD, OneLogin, or Google Workspace. This provides:
  • Centralized access control: Manage user access from your IdP
  • Enhanced security: Enforce your organization’s authentication policies
  • Simplified user experience: One login for all applications
  • Automatic user provisioning: Users can self-service access through your IdP

Supported identity providers

Wolfia supports SSO with all major identity providers:
  • Okta
  • Azure Active Directory (Microsoft Entra ID)
  • Google Workspace
  • OneLogin
  • Auth0
  • PingIdentity
  • JumpCloud
  • Authentik
  • Any SAML 2.0 compatible provider

Prerequisites

Before setting up SSO, ensure you have:
  • Admin access to your identity provider
  • Admin access to Wolfia (must be an Administrator)
  • Your organization’s domain verified in Wolfia
Contact your Wolfia account representative to receive your unique SSO setup link and ensure your organization is configured for SSO.

Setup process

1

Request SSO setup

Contact your Wolfia account representative or email support@wolfia.com to:
  • Enable SSO for your organization
  • Receive your unique SSO configuration portal link
  • Verify your domain configuration
You’ll receive a secure setup link via email that provides step-by-step guidance for your specific identity provider.
2

Access the SSO configuration portal

Click the SSO setup link provided by Wolfia. You’ll be directed to a guided configuration portal where you can connect your identity provider.The portal provides a step-by-step process tailored to your chosen IdP.
3

Select your identity provider

In the configuration portal:
  1. Choose your identity provider from the list
  2. Follow the provider-specific configuration steps
  3. The portal provides detailed instructions tailored to your IdP
Common providers:
  • For Okta, Azure AD, or OneLogin: Follow SAML configuration steps
  • For Google Workspace: Use OAuth-based setup
  • For Authentik: Use SAML or OAuth configuration
4

Configure your identity provider

The configuration portal will provide you with details to enter in your IdP:For SAML providers (Okta, Azure AD, OneLogin, Authentik):
  • Single Sign-On URL (ACS URL): Copy from configuration portal
  • Entity ID (Audience URI): Copy from configuration portal
  • Name ID format: Email Address
  • Attribute statements: Email, First Name, Last Name
In your identity provider:
  1. Create a new SAML application for Wolfia
  2. Enter the configuration details provided by the portal
  3. Assign users or groups who should have access to Wolfia
  4. Note the IdP metadata URL or download the XML certificate
5

Complete the connection

Return to the Wolfia configuration portal and:
  1. Enter your IdP metadata URL or upload the XML certificate
  2. Review the connection details
  3. Click “Finish Setup”
The system will validate the connection and confirm when SSO is active.
6

Test SSO login

Before rolling out to your team:
  1. Open a private/incognito browser window
  2. Go to wolfia.com/auth/login
  3. Enter your work email address
  4. You should be redirected to your identity provider for authentication
  5. After successful authentication, you’ll be logged into Wolfia
Test with your own account first before communicating changes to your team. Ensure you can successfully log in via SSO before disabling other authentication methods.
7

Configure default authentication (Optional)

After verifying SSO works:
  • Contact Wolfia support to set SSO as the default authentication method
  • This ensures all users with your domain automatically use SSO
  • Legacy password authentication can be disabled for enhanced security

User experience after SSO is enabled

Once SSO is configured:
  1. New users:
    • Visit wolfia.com/auth/login
    • Enter their work email address
    • Automatically redirected to your company’s login page
    • After authentication, gain immediate access to Wolfia
  2. Existing users:
    • Next login will automatically use SSO
    • No password changes or setup required
    • Existing sessions remain active until logout
  3. Access control:
    • Users must be assigned to the Wolfia application in your IdP
    • Removing a user from your IdP removes their Wolfia access
    • Your IdP’s authentication policies apply (MFA, IP restrictions, etc.)

Attribute mapping

Wolfia automatically syncs the following attributes from your IdP:
AttributeSAML ClaimUsage
Emailemail or emailAddressUser identifier and login
First NamefirstName or givenNameUser profile display
Last NamelastName or surnameUser profile display
Groups (optional)groupsFor role assignment with SCIM
For advanced attribute mapping or custom claims, contact Wolfia support. We can configure additional attributes as needed.

Troubleshooting

User can’t log in via SSO

Common causes:
  1. User not assigned to Wolfia application in your IdP
  2. Email address doesn’t match between IdP and Wolfia
  3. SSO configuration incomplete or incorrect
Solutions:
  • Verify user is assigned to Wolfia in your IdP
  • Check that email addresses match exactly
  • Review SSO configuration in the setup portal
  • Test with a different user to isolate the issue

Redirect loop or error page

Common causes:
  1. Incorrect ACS URL or Entity ID
  2. Name ID format mismatch
  3. IdP metadata outdated
Solutions:
  • Verify ACS URL and Entity ID in your IdP match the configuration portal
  • Ensure Name ID format is set to “Email Address”
  • Re-upload IdP metadata or update metadata URL
  • Clear browser cache and cookies, then test again

”Invalid SAML response” error

Common causes:
  1. Certificate expired or invalid
  2. Clock skew between IdP and service provider
  3. Assertion not signed
Solutions:
  • Verify IdP certificate is valid and not expired
  • Check time sync on IdP server
  • Ensure SAML assertions are signed in your IdP
  • Contact Wolfia support with error details

Provider-specific guides

Okta configuration

  1. In Okta Admin Console, create a new SAML 2.0 application
  2. Use the ACS URL and Entity ID from Wolfia’s configuration portal
  3. Map attributes: email, firstName, lastName
  4. Assign users or groups to the application
  5. Copy the IdP metadata URL back to Wolfia

Azure AD (Entra ID) configuration

  1. In Azure Portal, create a new Enterprise Application
  2. Choose “SAML” as the single sign-on method
  3. Enter the Entity ID and Reply URL from Wolfia
  4. Configure user attributes and claims
  5. Download the Federation Metadata XML
  6. Upload to Wolfia’s configuration portal

Google Workspace configuration

  1. In Google Admin Console, go to Apps → Web and mobile apps
  2. Add a custom SAML app for Wolfia
  3. Download IdP metadata from Google
  4. Enter ACS URL and Entity ID from Wolfia
  5. Map attributes: Primary email, First name, Last name
  6. Upload Google’s metadata to Wolfia

Authentik configuration

  1. In Authentik Admin Interface, create a new Provider
  2. Choose “SAML Provider” as the type
  3. Enter the ACS URL and Issuer from Wolfia
  4. Configure property mappings for email, name
  5. Create an Application and bind the provider
  6. Export metadata and upload to Wolfia

Need help?

If you encounter any issues during SSO setup:
  • Email: support@wolfia.com
  • Include: Organization name, identity provider type, and any error messages
  • Response time: We typically respond within 1 business day
Our support team is here to help ensure a smooth SSO deployment for your organization.