SSO Configuration
This guide walks you through configuring Single Sign-On (SSO) with Firefly using your own Identity Provider (IdP).
Set up the SSO Application
You can configure your SSO integration manually with the assistance of the Firefly Support Team or manage the process using our dedicated Terraform modules. Regardless of the method, the integration involves the following core steps:
Identity Provider (IdP) Configuration: Create a new SSO application within your IdP (Azure AD or Okta).
Certificate Procurement: For Okta integrations, please reach out to the Firefly Support Team to receive your required certificate.
Assignment: Assign your relevant users to the Firefly app within your IdP.
Metadata Exchange: Extract the SAML metadata from your IdP to finalize the connection.
Examples
Share Your SAML Metadata with Firefly
Please provide us with the SAML metadata URL from your IdP (preferred), or the following details manually:
Sign in endpoint
Sign out endpoint
Signing certificate (PEM format)
Mapping via IdP Groups (Optional)
Firefly streamlines Role-Based Access Control (RBAC) by synchronizing your internal teams directly with IdP group memberships.
To enable this synchronization, Firefly utilizes a specific naming convention to map IdP groups to RBAC Teams:
IdP Group Requirement: The group name must use the firefly- prefix.
Mapping Logic: Firefly identifies the target team by stripping the prefix from the IdP group name.
Example: An IdP group named firefly-workflows-viewers will automatically sync with the Firefly team workflows-viewers.
SCIM Provisioning (Optional)
If you want to enable SCIM provisioning (user/group sync), it must be done via your IdP UI. SCIM configuration details will be provided by Firefly upon request.
Need Help?
Reach out to our Support Team or email [email protected] for assistance with your SSO configuration.

