This article covers the most frequently asked questions about single sign-on and multi-factor authentication:
Single-sign on (SSO) allows users to securely access their apps through their organization’s identity provider (IdP), like Azure AD, Okta, or Google. With SSO, users don’t have to remember separate usernames and passwords for each app they use. They only need to log in once using their IdP credentials.
SSO can help improve security and compliance by centrally managing logins and authentication across your organization. It also streamlines user logins and reduces login fatigue.
Fiix supports SSO. Once SSO for Fiix is set up, all users can log in to Fiix indirectly using their IdP credentials.
An Identity Provider (IdP) is a service that stores and manages user identities in your organization. IdPs check for authentication factors like an email address, password, or a repeatedly-used device to ensure a user is who they say they are.
In an enterprise context, IdPs help IT teams manage many users at once and improve their organization’s information security. Fiix supports integration with many IdPs through single-sign on (SSO).
Fiix does not natively support Multi-Factor Authentication (MFA), but MFA can be set up indirectly using single-sign on (SSO). With SSO, your users’ Fiix logins are rerouted through your IdP, like Google or Okta, allowing for MFA.
To enable MFA:
-
Your organization’s Identity Provider (IdP) must allow MFA.
-
Fiix’s SSO integration must support your type of IdP.
For more information about setting up SSO for MFA, see Set up single sign-on (SSO) or contact our support team.
Fiix supports SAML2.0 and OpenID Connect protocols for SSO. This means IdPs like Okta, Azure Active Directory (AD), and Google are all supported. Organizations with on-premise IdPs can also use SSO, and setup is arranged on a case-by-case basis. To find out whether Fiix supports your IdP, contact our support team.
SSO is available on Enterprise plans only. SSO works with both new and pre-existing Fiix tenants, as long as SSO has not already been set up.
Fiix works directly with your IT team or administrator to set up SSO. Your IT team needs an existing and compatible IdP, and to be able to share certificates and IdP information with Fiix .
Switching to SSO is permanent, and tenants with SSO enabled cannot be reverted back. SSO-enabled tenants also cannot be duplicated (cloned).
SSO setup takes approximately 24-48 hours once your organization and the implementation team have shared certificates and IdP information. There is a one-time fee for setting up SSO. To learn more, contact our support team.
Once a Fiix tenant has been set up with SSO, it can no longer be reverted back to a non-SSO tenant.
Tenants with SSO also cannot be duplicated (cloned).
Once SSO is set up, users will no longer be able to log in or out using Fiix’s login portal. All user logins will go through your organization’s IdP. Fiix tenants can’t support both SSO and native logins at the same time.
Guest users will still be able to access the work request portal as normal.
If you have an SSO-enabled Fiix tenant, we’ll need to reconfigure it for a new IdP. Our Integration team will walk you through the process of reconfiguring your SSO.
To reconfigure your SSO-enabled tenant for a new IdP:
-
Set up a discovery call with your Fiix application consultant.
-
Our teams work together on configuration.
-
We finalize and test your tenant to ensure everything is working smoothly.