¶ Enabling SP Initiated Single Sign On
The Wyebot Wireless Intelligence Platform dashboard supports SSO via SAML protocol. There are two authentication methods
- IdP Initiated - Login must be done from your SSO platform
- SP Initiated - Login from the Wyebot platform, and get redirected to SSO.
To enable SP Initiated SSO, there are some additional steps which are discussed in this article.
¶ Important Notes
- The Entity ID in your SAML app must be set to
https://cloud.wyebot.com - Enabling SP Initiated login will disable local user logins to the Wyebot dashboard. If the SP Initiated logins are not working, you can still access the Wyebot app from your SSO provider, or you can email support@wyebot.com and we can restore access.
- This guide assumes that you have already completed the steps for your SSO provider from this article. This will mean that you already have IdP Initiated login working prior to enabling SP Initiated login.
- SP Initiated login expects that all of your Wyebot user accounts will use the same email domain. If you have multiple email domains that need to access the dashboard, and SP Initiated login is a requirement, please email support@wyebot.com.
¶ Instructions
- Before we set up SP Initiated login, please make sure that you have already set up and tested IdP Initiated login by following steps for your SSO provider from this article.
- Log in to your IDP. You will copy a URL which may be referred to as the Login URL or Single Sign On URL. The screenshot below shows Microsoft Entra ID.
For Google Workspace, click Manage Certificate inside the SAML app configuration to see the SSO URL.
- Log in to your Wyebot dashboard with an email on the domain you plan to use for SP initiated SAML. Navigate to Management > Users.
- Click on your exising IdP profile to update the configuration. Click Enable next to SP-Initiated Login. Paste the URL you copied into the IdP Login URL field. When finished, click Update.
The Domain field is automatically populated based on the currently logged in user. This field cannot be manually edited, so make sure you are logged in from the same email domain as the rest of the Wyebot users.
For Microsoft ADFS, an additional step is required.
- At this point, SP Initiated SSO should be working. To test, log out of the Wyebot dashboard. Then, in a new tab go to https://cloud.wyebot.com and enter an email address that is associated with your SSO provider.
After clicking Next, you should get redirected to your SSO login page. Complete the sign on on the SSO page, and you will be automatically logged into the Wyebot dashboard.
You may get logged in automatically with no redirection if your browser already has an active session with your SSO provider. Use an incognito browser to test in this case.
¶ Microsoft ADFS
An additional step is required for SP-Initiated SAML with Microsoft ADFS
- In the Relying Party Trusts of ADFS, select the Wyebot app and click Edit Claim Issuance Policy
- Click Add Rule
- Select Transform an Incoming Claim and click Next
- Enter the following values:
Claim rule name:nameId
Incoming claim type:UPN
Outgoing claim type:Name ID
Outgoing name ID format:Email - Click Finish
