Add-On Feature

Fountain supports the Single Sign On (SSO) functionality for users. Companies that want their employees to use centralized, company-controlled single sign-on or “SSO” to log into Fountain can add Fountain as a “service provider” (login destination) to many cloud and on-premise identity providers, as well as to custom authentication solutions that support the SAML 2.0 standard. This article will help you set up SSO with Fountain for your organization.

What's Covered 

• Get Started with SSO
• Initial Set-Up
• Fountain Configures

Get Started with SSO

Fountain's SSO functionality is available as a premium feature and is in early, limited release.  Please contact your Account Manager or Customer Success Manager if you're interested in this feature.

• Fountain uses Okta as our IDP provider. We support SAML 2.0 

• Fountain does not offer enforced SSO at this time

• Fountain does offer JIT (Just In Time) provisioning 

• Fountain does not offer SCIM user provisioning at this time

Initial Set-Up

1. Confirm with your Customer Success Manager that the SSO feature has been enabled for your account.

2. Fountain will provide you with the 3 secrets to configure your organization: ACS URL, Audience URI, and IdP ID

3. Use the IdP ID, ACS (Assertion Consumer Service) URL, and Audience URI to generate the

   x509 certificate

4. Provide the x509 certificate to Fountain to configure the SSO on the Fountain Side.
5. Example:

   Assertion Consumer Service URL: https://fountain.okta.com/sso/saml2/0oa6jonjnq2BHfqbg416
   Audience URI: https://www.okta.com/saml2/service-provider/spbbhfcdzvrzouiihdcg
   IdP ID: 0oa6jonjnq2BHfqbg416

Fountain Configures

1. Fountain takes the information provided by your organization to configure the SSO

User Sign In