Fabriq’s SSO feature allows enterprise customers to access the app using a single authentication source, allowing IT administrators to manage team access and improve security.
ℹ️ SSO is only available for:
• Customers on the Enterprise plan
• As an add-on for customers on the standard plan
❗️ Your company must use an identity provider like Active Directory, Google Workspace, Okta, OneLogin or Gluu.
💡 Advantages of SSO
There are several advantages to implementing SSO for your workspace.
It improves security by eliminating the need for users to remember and manage multiple sets of login credentials. This reduces the risk of password reuse and makes it easier for your workspace to enforce strong password policies.
It improves user productivity and enhances user experience by reducing the amount of time users spend logging in and out of different applications.
It significantly reduces Fabriq onboarding times as users do not need to be invited manually.
👷♀️ Setting up SSO for your workspace
To set up SSO for your workspace, you will need to do the following:
Contact us at [email protected] so that we provide you with a configuration according to your identity provider. You must inform us of both your identity provider and the list of domains for which you wish to enable SSO.
Once the configuration is provided and you have completed the setup, you send us the federation metadata URL of the application.
We schedule a 30-minute call with you in order to perform tests on your production environment.
Then, you can either choose to:
deploy it during the call
deactivate it and agree on a deployment date if there’s a need to internally communicate about it
Et voila! 🎊
⏱ It takes us less than 5 minutes to setup SSO on our end, so the process can be done very quickly.
In conclusion, implementing SSO can provide many benefits for your workspace, including improved security, increased productivity, and a better user experience. By following the steps outlined above, you can easily set up SSO for your workspace and start enjoying these benefits.
FAQs
How do I manage Fabriq users with fake email addresses and generic accounts?
Before activating SSO on your environment, we ensure that the email addresses of those users are moves to a domain respecting the pattern customer.fabriq.tech. This way, they will still be able to connect to Fabriq with their emails and passwords.
If I change the email address of a user, will they loose access to Fabriq?
No, as long as you provide us with a unique user identifier in the SAML attributes.
We make sure that it is the case during the setup call.
What motivates our preference of using a unique user identifier as the NameId?
Using a unique user identifier as the NameId instead of an email address or a user principal name ensures that the user's access to Fabriq remains intact in case their email address changes. The UID serves as a constant identifier linked to the user's account, whereas an email address is subject to change.
If I remove a user from the identity provider, would they still be able to connect to Fabriq?
No, users removed from the identity provider loose access to Fabriq, as access to the identity provider is required for SSO. They do not have a fallback with email address and password.
As a new user, do I need to create an account or receive an invitation in order to join Fabriq?
With SSO in place, anyone can access Fabriq as long as the identity provider allows them to do so.
If you do not yet have an account, it is automatically created upon your first sign-in. After that, you can either request access to teams or be invited to join by other users with the appropriate rights.