Skip to main content
Working with others who need a great voice? Refer them here
Common searches: WellSaid Studio Languages Pricing
Categories

Single Sign-On Documentation

Article overview

WellSaid supports Single Sign-On. Enterprise customers can enable SSO to access your WellSaid account, to enhance security and efficiency by reducing the need to manage multiple logins.

 

Getting Started

Once SSO is added to your contract, follow the steps below to get started:

  1. Identify who on your team can help configure the SSO connection (typically IT or another technical resource).
  2. Connect your technical contact with the technical contact at WellSaid (our Support team will loop in the contact at WellSaid). 

Your technical contact will provide an SSO setup link. At the end of the setup, a test connection button will appear:

  • If a successful test is returned, please notify your WellSaid technical contact to fully enable SSO access for the entire team.  
  • If an error message is returned, schedule a 30-minute call with both technical contacts to troubleshoot the connection error.


SAML

Below are sample values.

The values your technical contact will need:

  1. Sign-in URL - Example: https://samlp.example.com/login
  2. Sign-out URL (if sign-out enabled) - Example: https://samlp.example.com/logout
  3. X.509 signing certificate

The values provided by us:

  1. Entity ID : urn:auth0:wellsaidlabs:XXX-saml
  2. ACS URL : https://auth.wellsaidlabs.com/login/callback?connection=XXX-saml
  3. SP initiated - true
  4. SP Certificate - https://auth.wellsaidlabs.com/pem
  5. Attributes - firstname, lastname, email (SAML attributes must be included in the SAML response.)

Note: XXX will be replaced with specific values assigned to your team.


Open ID Connect (OIDC)

Below are sample values.

The values we may need from your team:

  1. Issuer URL
  2. Client ID
  3. Provider domain - Example: wellsaid.io

The values provided by us to configure on your end:

  1. Redirect URL: https://auth.wellsaidlabs.com/login/callback
  2. Initiative login URL: https://studio.wellsaidlabs.com/auth/sso?connection=XXX
  3. Logout URL: https://auth.wellsaidlabs.com/logout

Note: XXX will be replaced with specific values assigned to your team.

 

Troubleshooting

Team members receiving an error? Ensure that they're approved to access WellSaid through your SSO provider.

For any other concerns, please contact our Support for assistance.

FAQs

Q: Will there be a service disruption while SSO is configured? 
A: Minimal, if at all. SSO is set up asynchronously. Once a successful test is achieved, your SSO contact will fully enable SSO and notify all team members with SSO sign-in instructions. 

Q: Is SSO included in my contract? 
A: SSO is an add-on to your contract. To discuss adding this service, please contact your dedicated Account Executive, Customer Success Manager, or Support.

Q: Is IdP initiated supported using SAML? 
A: We only support SP-initiated at this time.

Q: What is the idle timeout for users?
A: 24-hour – Idle timeout
     7-day – Session timeout

Q: What SAML bindings are supported?
A: Binding is automatically set up to support Redirect, but POST is possible.

Q: Is the Assertion Consumer Service URL included in the SAML request?
A: Yes, via the AssertionConsumerServiceURL attribute.

 

 

Related to

Was this article helpful?

0 out of 0 found this helpful

Related articles