Use Single Sign-On (SSO) for Foleon to make logging in easy and secure for your workspace and visitors. In this article, we discuss SSO and how it works with Foleon.
⚠️ Important — Foleon only supports SSO through SAML2.0 (Security Assertion Markup Language). You or someone from your company need to have the required knowledge of integrating SSO through SAML. Without the know-how, we can not guarantee a successful implementation.
💡 Foleon only offers SSO for select plans on request. Please contact our Customer Success Management team if you're interested in using this functionality.
In this article
What is SSO?
Single Sign-on, or SSO, is an authentication process allowing a user to access multiple websites or applications with one set of login credentials. This means that once you’ve logged in with your username and password, you don’t have to log in repeatedly for every single application linked to the system. You can look at it as if you have one key that unlocks multiple locks.
Foleon allows you to integrate our product within your SSO environment. This will let your Foleon users and visitors access the product from a secure portal and help protect your content.
There are two ways to make logging in easy and secure for your workspace and audience:
⚠️ Important: Foleon only supports SSO through SAML2.0 (Security Assertion Markup Language). If you are interested in this feature, you or someone from your company need to have the required knowledge of integrating SSO through SAML. Without the know-how, we can not guarantee a successful implementation.
The 3 parties of SSO
There are three parties to be aware of when it comes to Single Sign-On (SSO). Learning these terms will help you understand better who is involved in the process.
-
The User — These are the people who log in through SSO. These can either be visitors of your live Foleon Docs or the users who will access the Foleon dashboard and editor.
💡 For Foleon editor users logging in through Single Sign-On, the login will not be the default app.foleon.com. Instead, the login will be in the https://api.foleon.com/auth/saml/... format. Users with login issues will have to contact the SSO administrator within their company.
-
The Identity Provider (IDP) — An Identity Provider (IDP) stores and manages the digital identities of its users. You can think of IDP as a guest list for your digital applications instead of an event.
In this case, the Identity Provider is you, the Foleon customer. We require you, as the IDP, to provide us with the user's identity that attempts to log in. This identity will not only ensure that we have a successful authentication, but it also provides us with extra information on the user. Think of details such as a first name, last name, and company email address.
-
The Service Provider (SP) — Foleon represents the service provider. We provide a service, which in our case is access to live Foleon docs and the Foleon platform.
Supported suppliers
All suppliers that provide support for the SAML 2.0 standard are supported by Foleon. This list includes (but is not limited to):
How the SSO setup works
The SSO is initiated by Foleon, the service provider (SP). This means we initiate the connection between the Identity Provider (IDP) and the SP. We forward you to the IDP when necessary.
We offer you the option to enable SSO for your content (live Foleon Docs) and for logging in to the platform (the Foleon users). We advise you to consider what you would like to set up SSO for.
➡️ Read our Help Center articles on these two options for more in-depth information:
⚠️ While SSO for Platform should be set up from the main workspace, SSO for Docs needs to be set up on each workspace. Configuring SSO for Docs for multiple workspaces at once can be done upon request. In this case, please contact our Customer Support team for assistance.
Technical specifications
-
Single Log Out (SLO)
Foleon does not provide Single Log Out (SLO). This means that logging out from the dashboard does not log the user out of their other SSO-enabled applications. However, logging out from the IDP might also log you out from Foleon. -
Two Factor Authentication (2FA)
We don’t require Two Factor Authentication (2FA) for the SSO setup. Sometimes service providers need this from the IDP, but Foleon doesn't. It's up to you to decide if you would like to enable 2FA if you want to add an extra security layer to your content. -
Which SSO standards does Foleon support?
We only support SAML2.0 as an SSO standard right now. Another well-known protocol is WS-Fed which we do not support. SAML exchanges authorization and authentication data in XML format. We support the most prominent active directories (ADs). Some supported services include Azure, OKTA, ADFS, Google, and OpenID.
User login
If you're a user that logs in to the platform with SSO for the first time, you may receive an error message.
If this is the case, your account's admin probably didn't give you a user role yet. Please reach out to your SSO administrator or account admin to assign you a user role within Foleon.