Introduction
Whip Around supports Single Sign-On (SSO) to enhance security and streamline login processes for your organization. By using SSO, users can access Whip Around through their company’s identity provider (IdP), such as Microsoft Azure Active Directory (Entra ID), without needing a separate password.
Whip Around supports both SAML and OIDC protocols, and this guide will help you configure and use the SSO feature for your organization.
What is SSO and How Does It Work?
SSO allows users to log in to multiple applications with a single set of credentials. Instead of managing separate usernames and passwords for each service, users authenticate through their organization’s identity provider, and access is granted based on predefined permissions.
OIDC (OpenID Connect): A modern identity layer built on top of OAuth 2.0, recommended for new integrations.
SAML (Security Assertion Markup Language): A legacy XML-based protocol for authenticating users through an external IdP.
How Whip Around’s SSO Works:
Whip Around offers SP-initiated SSO, meaning users log in from Whip Around, which sends an authorization request to your identity provider. Once authenticated, users are granted access to Whip Around without entering additional credentials.
Benefits of SSO:
Simplified login: Users only need to remember one set of credentials.
Enhanced security: Authentication is handled by a trusted identity provider.
Centralized management: IT admins can control user access and enforce security policies from a single point of management.
Configuring SSO in Whip Around
Follow the steps below based on your preferred protocol (OIDC or SAML) to configure SSO for Whip Around.
Option 1: OIDC Configuration (Recommended)
Prerequisites:
• Global Administrator rights to MS Entra ID.
• Ensure you’ve completed the preparation steps in Microsoft Azure AD.
Steps:
Register Whip Around as a New App:
Log in to the Azure portal and navigate to Azure Active Directory (Entra ID).
Go to App Registrations and select + New Registration.
Name the app “Whip Around” and set Supported account types to “Accounts in this organizational directory only.”
Under Redirect URI, select “Web” and enter: https://whiparound.us.auth0.com/login/callback.
Configure App Secrets and Permissions:
Generate a Client Secret and store it securely.
Assign the necessary API permissions (e.g., Directory.Read.All) to the application.
Share Configuration with Whip Around:
Provide Whip Around with the Application (client) ID and Client Secret for finalizing the setup.
For detailed steps, refer to the attached file.
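Before sharing the client ID and secret, the registration can be checked against the values in the steps above. The following is an added example, not part of Whip Around's or Microsoft's documentation: it audits an app registration exported as a Microsoft Graph application object (fields signInAudience, web.redirectUris, passwordCredentials). The sample object, the 30-day warning window and the function name are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EXPECTED_REDIRECT = "https://whiparound.us.auth0.com/login/callback"  # from this guide
# Graph value for "Accounts in this organizational directory only"
EXPECTED_AUDIENCE = "AzureADMyOrg"


def audit_app_registration(app, now, warn_days=30):
    """Return a list of findings for a Graph application object (dict)."""
    findings = []
    audience = app.get("signInAudience")
    if audience != EXPECTED_AUDIENCE:
        findings.append("signInAudience is %r, expected %r" % (audience, EXPECTED_AUDIENCE))
    uris = (app.get("web") or {}).get("redirectUris") or []
    if EXPECTED_REDIRECT not in uris:
        findings.append("redirect URI %s is missing (exact match required)" % EXPECTED_REDIRECT)
    for uri in uris:
        # Any extra redirect URI is another place authorization codes can be sent.
        if uri != EXPECTED_REDIRECT:
            findings.append("unexpected redirect URI: %s" % uri)
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no client secret present")
    for cred in secrets:
        # Graph timestamps are UTC; drop fractional seconds before parsing.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        name = cred.get("displayName") or cred.get("keyId")
        if end <= now:
            findings.append("client secret %s has expired" % name)
        elif end - now <= timedelta(days=warn_days):
            findings.append("client secret %s expires in %d days" % (name, (end - now).days))
    return findings


# Constructed sample: wrong account type, a leftover test URI, a short-lived secret.
SAMPLE_APP = {
    "displayName": "Whip Around",
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [EXPECTED_REDIRECT, "http://localhost:3000/callback"]},
    "passwordCredentials": [{"displayName": "sso-secret", "endDateTime": "2025-01-20T00:00:00Z"}],
}
SAMPLE_NOW = datetime(2025, 1, 10, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in audit_app_registration(SAMPLE_APP, SAMPLE_NOW):
        print("FINDING:", finding)
```

An expired client secret breaks SSO logins for every user at once, so the expiry check is worth repeating on a schedule after go-live.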
Option 2: SAML Configuration
Prerequisites:
• Global Administrator rights to MS Entra ID.
• Complete the necessary preparation steps in Microsoft Azure AD.
Steps:
Register Whip Around as an Enterprise App:
Log in to the Azure portal and navigate to Enterprise Applications.
Select + New Application, name it “Whip Around”, and create the app as Non-gallery.
Set up Single Sign-On (SAML) by entering the Entity ID (provided by Whip Around) and Reply URL as https://whiparound.us.auth0.com/login/callback.
Download and Share SAML Certificate:
Download the X509 Certificate in Base64 format and share it along with the Login URL with Whip Around.
Finalizing the Setup:
Whip Around will integrate your configuration into their system to enable SSO.
For detailed steps, refer to the attached file.
Action Items for Going Live:
Testing the Connection:
Once the setup is completed, test the SSO login process by attempting to log in to Whip Around through your identity provider.
User Provisioning and De-provisioning:
• User de-provisioning is available out of the box. Initially, user provisioning will be managed manually. Whip Around will work closely with your team to streamline this process over time.
Please contact us at [email protected] or call us at +1 704 489 3268 if you encounter any issues or need further assistance.