Configuring SSO
Common settings
Fullcast currently supports SAML v2 for Single Sign-On with enterprise Identity Providers such as Okta. These are the settings used to configure a SAML identity provider (IdP) for support with Fullcast. You must be a Fullcast Tenant Admin to complete this task.
Tenant ID
To get started you will need to figure out your Fullcast Tenant ID. You can do this by clicking on your name at the top right corner of the Fullcast App and then under the profile section note down the Tenant ID. This is the set of numbers. Please exclude the friendly name within brackets at the end.
Post-back URL (ACS URL)
When using IdP-Initiated SSO, make sure to include the connection parameter in the post-back URL:
https://auth.fullcast.io/login/callback?connection={tenantid}
Entity ID
The ID of the service provider is:
urn:auth0:fcio:{tenantid}
Use
connection.options.entityId if available.
SAML Request Binding
Also called the Protocol Binding, is sent to the IdP from Fullcast. If possible, dynamically set the value based on
connection.options.protocolBinding :
connection.options.protocolBinding value |
SAML Request Binding value |
| Empty value ("") or not present. | HTTP-Redirect |
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |
HTTP-Redirect |
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
HTTP-POST |
If dynamically setting the value isn't possible, then set as either HTTP-Redirect (default) or HTTP-Post if you selected this option in Protocol Binding.
SAML Response Binding
How the SAML token is received by Fullcast from IdP, set as HTTP-Post.
NameID format
Unspecified
SAML assertion and response
The SAML assertion, and the SAML response can be individually or simultaneously signed.
Logout URL
This is where the SAML identity provider will send logout requests and responses:
https://auth.fullcast.io/logout
SAML logout requests must be signed by the identity provider.
Signed Assertions
Once the configuration is completed in your SSO IdP, please download the certificate in either
CER or
PEM format. You will need to send this into Fullcast.
Logo Image
Please download this image to use in your SSO environment for the Fullcast application.
IdP-initiated Single Sign-on
Not currently supported. You will have to start the login process by navigating to
https://app.fullcast.io to begin the SSO login process. In Okta you can use a bookmark App to allow login from the app directory.
Next Steps
To finish configuration of Single Sign On for your Fullcast instance, you will need to file a ticket with the below details:
- The Sign in URL for your IdP
- The x509 Signing Certificate in either PEM or CER format (see above)
You can alternatively contact your Fullcast Business Partner.