From WATS version 2024.1.3, we support a customizable way of adding your own Single Sign-On (SSO) integrations to WATS.
This customizable SSO builds on OpenID Connect (OIDC), an extension to the widely known OAuth 2.0 framework, to add authorization to an OAuth flow and to verify the user's identity before access is allowed to your WATS instance.
We will continue to support the Entra ID integration that existed prior to this WATS version alongside your own custom SSO, but we only allow a single custom SSO at a time.
Requirements:
Due to the nature of a customizable SSO method, there are some limitations and restrictions on what we allow. We will provide guides for implementing an Auth0, Google, Microsoft/Entra ID or Okta SSO, since these all support the requirements. If you are using a different provider than one of these, please verify that these requirements are fulfilled:
- The Identity Provider has to support OIDC.
- The Identity Provider has to support either a "code" flow or an "id_token" flow.
- The Identity Provider has to support an HTTPS Authority URL.
If you decide to use a non-public Identity Provider (your own OIDC server or a third-party private server provider), you might need to contact your IT department or your SSO provider's support staff to get the information you need. Alternatively, you can add "/.well-known/openid-configuration" to the end of your tenant, login or domain URL to see if they provide this information. An example would be "accounts.google.com/.well-known/openid-configuration".
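One way to check a provider's discovery document against the three requirements above, as an added example that is not part of WATS or its documentation. The host idp.example.com, the sample document and the function names are constructed, and treating the Authority URL as the OIDC issuer is an assumption.

```python
import json
from urllib.parse import urlparse

# Constructed discovery document for a hypothetical provider (not real output).
SAMPLE = json.loads("""
{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/authorize",
  "token_endpoint": "https://idp.example.com/token",
  "jwks_uri": "https://idp.example.com/keys",
  "response_types_supported": ["code", "code id_token"]
}
""")

def discovery_url(authority):
    """URL where the provider's discovery document is expected."""
    return authority.rstrip("/") + "/.well-known/openid-configuration"

def is_https(url):
    parts = urlparse(url or "")
    return parts.scheme == "https" and bool(parts.netloc)

def check_provider(authority, doc):
    """Return a list of unmet requirements; an empty list means all passed."""
    problems = []
    if not is_https(authority):
        problems.append("Authority URL is not https")
    # OIDC support: the document must name an issuer, and OIDC Discovery
    # requires it to match the URL the document was retrieved for.
    issuer = doc.get("issuer", "")
    if issuer.rstrip("/") != authority.rstrip("/"):
        problems.append("issuer does not match Authority URL")
    # Endpoints that carry logins and signing keys must also be https.
    for key in ("authorization_endpoint", "jwks_uri"):
        if not is_https(doc.get(key)):
            problems.append(f"{key} missing or not https")
    # The page requires a "code" flow or an "id_token" flow.
    flows = set(doc.get("response_types_supported", []))
    if not flows & {"code", "id_token"}:
        problems.append("neither 'code' nor 'id_token' response type offered")
    # A code flow is redeemed at the token endpoint, so it must exist.
    elif "id_token" not in flows and not is_https(doc.get("token_endpoint")):
        problems.append("code flow offered but token_endpoint missing or not https")
    return problems

if __name__ == "__main__":
    print(discovery_url("https://idp.example.com"))
    print(check_provider("https://idp.example.com", SAMPLE) or "all requirements met")
```

To check your own provider, save the JSON returned by its discovery URL and pass the parsed document to `check_provider` together with the Authority URL you plan to enter in WATS.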
Setup:
If all requirements are fulfilled, you can navigate to your WATS Account Settings and go to "Security Settings".
Click Add Custom SSO. A popup will appear.
You will need to provide at least a Client ID and an Authority URL. If required by your Identity Provider, you may also need to fill out the Client Secret. We currently provide standard buttons for Auth0, Google, Microsoft/Entra ID, Okta and a default, non-identifiable button. If you wish to use one of these, please enter either Auth0, Google, Microsoft or Okta into the Name field.
Information about how to get a Client ID, Authority URL and a Client Secret can be found at the following pages:
When you have the Client ID, Authority URL and optionally a Client Secret, you can populate the fields in Security Settings and click Save. Note that WATS will be restarted automatically upon receiving the next web request, so please allow up to 5 minutes for everything to function properly. A new button should appear on the login page with the design you indicated in the Name field.