SSO Configuration

This guide walks you through configuring Single Sign-On (SSO) with Firefly using either Azure AD or Okta as your Identity Provider (IdP). In case you are using a different IdP, please contact Firefly for further instructions.

Set Up the SSO Application

Firefly uses Terraform modules to create and configure your SSO integration. Here's what we'll do:

  1. Create an SSO application in your IdP (Azure AD or Okta)

    • In case of Okta IdP, contact Firefly to receive a certificate

  2. Assign your admins and viewers to dedicated groups

  3. Extract SAML metadata to set up the connection

Examples

Share Your SAML Metadata with Firefly

Please provide us with the SAML metadata URL from your IdP (preferred), or the following details manually:

  • Sign in endpoint

  • Sign out endpoint

  • Signing certificate (PEM format)

Role Sync from IdP (Optional)

If you'd like Firefly to sync users roles from your IdP, please:

  1. Ensure users are assigned to specific and dedicated admins group

  2. Add a group claim to the SAML application

  3. Let us know the exact group names

Validate the SSO Connection

  1. Visit your dedicated Firefly login page (provided by Firefly support team)

  2. Log in using your IdP

  3. You should be redirected to the Firefly platform

If your IdP manages user roles:

  • You should automatically be assigned as an admin if you're in the appropriate group

  • Roles would be updated with first login

SCIM Provisioning (Optional)

If you want to enable SCIM provisioning (user/group sync), it must be done via your IdP UI. SCIM configuration details will be provided by Firefly upon request.

Need Help?

Reach out to your Firefly Customer Success manager or email [email protected] for assistance with your SSO configuration.

Last updated

Was this helpful?