Fountain Support

SAML2 SSO is a security standard that allows users to access multiple applications after signing in just once. SAML 2.0 (Security Assertion Markup Language) is an XML-based protocol that facilitates single sign-on (SSO) by securely passing authentication and authorization data between an identity provider (IdP) and a service provider (SP). 

Instead of managing multiple logins, a user authenticates through their company's IdP, which then sends a signed SAML assertion to the SP, granting the user access. Fountain is compatible with any Identity Provider (IdP) that supports the SAMLv2 protocol.

___________________________________________________________

To enable SAMLv2 SSO in your Fountain account, follow the steps below:

Click your company logo in the bottom left side panel and then Settings.

Under the Users section, click the User Access &amp; Security link.

Click Start under the User Single Sign-on (SSO) section.

You'll need to copy the Fountain Service Provider (SP) Settings, such as the ACS URL and SP Entity ID, and paste them into your Identity Provider (IdP).

1. Fountain also provides a SP Metadata URL, which can be directly pasted into most Identity Providers for your convenience. 
    


Locate the settings in your company's Identity Provider's platform. You'll need the Login URL, IdP Entity ID, and Certificate.

Turn the Enabled toggle to "on" which will unlock the IdP fields.

Paste the IdP information into the relevant fields in Fountain.

1. You can typically leave the Alternative Email Key empty. More information on this field is in the <a href="#h_00acce8b0b">next section of this article</a>.

You can test the connection by logging in from an incognito browser.

1. Click your company logo in the bottom left side panel and then Settings.
2. Under the Users section, click the User Access &amp; Security link.
3. Click Start under the User Single Sign-on (SSO) section. 
4. You'll need to copy the Fountain Service Provider (SP) Settings, such as the ACS URL and SP Entity ID, and paste them into your Identity Provider (IdP).
 1. Fountain also provides a SP Metadata URL, which can be directly pasted into most Identity Providers for your convenience. 
 
 
 
5. Locate the settings in your company's Identity Provider's platform. You'll need the Login URL, IdP Entity ID, and Certificate.
6. Copy this information.
7. Turn the Enabled toggle to "on" which will unlock the IdP fields.
8. Paste the IdP information into the relevant fields in Fountain.
 1. You can typically leave the Alternative Email Key empty. More information on this field is in the <a href="#h_00acce8b0b">next section of this article</a>. 
 
 
 
9. Click Save.
10. You can test the connection by logging in from an incognito browser.

Important Note: Once enabled, all users MUST use SAMLv2 SSO to log in. There is no per-user bypass available.

During SSO setup, it is important to maintain your Fountain session. Once enabled, SSO enforcement is strict. Any misconfiguration (on either the IdP or SP side) will lock you out of your Fountain account, requiring you to contact the Fountain support team (<a href="mailto:support@fountain.com" rel="nofollow noopener noreferrer" target="_blank">support@fountain.com</a>) to reset your company's SSO settings.

You can typically leave the Alternative Email Key empty. This setting is only needed when the user's common email address differs from the one used as the NameID. For example, users typically use addresses like <a href="mailto:john.doe@company.com" rel="nofollow noopener noreferrer" target="_blank">john.doe@company.com</a>, but the NameID returns a technical address such as <a href="mailto:1593842082@internal.local" rel="nofollow noopener noreferrer" target="_blank">1593842082@internal.local</a>. In this scenario, you should map the public email address as an additional property in the SAML assertion and enter that property name in this field.

For Microsoft Azure SSO Setup steps, <a href="https://support.fountain.com/en/articles/12712667-fountain-azure-entra-id-setup" rel="nofollow noopener noreferrer" target="_blank">review this article</a>.

SAMLv2 SSO Setup

Fountain.com

Worker Experience Help Center

Developer Tools

Fountain Academy

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

No tickets created by you

Try using different keywords or checking for typos.

No tickets found

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Tickets

No access to tickets portal

English

Français

Deutsch

Italiano

Español

url(https://downloads.intercomcdn.com/i/o/h9dh2723/585490/f99dfaa8b6da79691a22f07ed42a/163ab11b8b0d3740d21a9bb86562d229.png)

SAMLv2 SSO Setup

Enabling SSO

Additional Considerations