Configuring SSO

Common settings

Fullcast currently supports SAML v2 for Single Sign-On with enterprise Identity Providers such as Okta. These are the settings used to configure a SAML identity provider (IdP) for support with Fullcast. You must be a Fullcast Tenant Admin to complete this task. 

Tenant ID

To get started you will need to figure out your Fullcast Tenant ID. You can do this by clicking on your name at the top right corner of the Fullcast App and then under the profile section note down the Tenant ID. This is the set of numbers. Please exclude the friendly name within brackets at the end. 

Post-back URL (ACS URL)

When using IdP-Initiated SSO, make sure to include the connection parameter in the post-back URL:
https://auth.fullcast.io/login/callback?connection={tenantid}

Entity ID

The ID of the service provider is: 
urn:auth0:fcio:{tenantid}
Use connection.options.entityId if available.

SAML Request Binding

Also called the Protocol Binding, is sent to the IdP from Fullcast. If possible, dynamically set the value based on connection.options.protocolBinding :
connection.options.protocolBinding value SAML Request Binding value
Empty value ("") or not present. HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST HTTP-POST

If dynamically setting the value isn't possible, then set as either HTTP-Redirect (default) or HTTP-Post if you selected this option in Protocol Binding.

SAML Response Binding

How the SAML token is received by Fullcast from IdP, set as HTTP-Post.

NameID format

Unspecified

SAML assertion and response

The SAML assertion, and the SAML response can be individually or simultaneously signed.

Logout URL

This is where the SAML identity provider will send logout requests and responses:
https://auth.fullcast.io/logout
SAML logout requests must be signed by the identity provider.

Signed Assertions

Once the configuration is completed in your SSO IdP, please download the certificate in either CER or PEM format. You will need to send this into Fullcast. 

Logo Image

Please download this image to use in your SSO environment for the Fullcast application. 


IdP-initiated Single Sign-on
Not currently supported. You will have to start the login process by navigating to https://app.fullcast.io to begin the SSO login process. In Okta you can use a bookmark App to allow login from the app directory.

Next Steps

To finish configuration of Single Sign On for your Fullcast instance, you will need to file a ticket with the below details:
  1. The Sign in URL for your IdP
  2. The x509 Signing Certificate in either PEM or CER format (see above)
You can alternatively contact your Fullcast Business Partner. 
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us