Add-On Feature

Fountain supports the Single Sign On (SSO) functionality for users. Companies that want their employees to use centralized, company-controlled single sign-on or “SSO” to log into Fountain can add Fountain as a “service provider” (login destination) to many cloud and on-premise identity providers, as well as to custom authentication solutions that support the SAML 2.0 standard. This article will help you set up SSO with Fountain for your organization.

What's Covered 

• Get Started with SSO
• Provide Fountain with SAML Metadata
• Fountain Configures XML Metadata
• Configure SSO Using 3 Secrets 

Get Started with SSO

In order to setup the SSO configuration, you'll need to create an account by reaching out to Fountain team here. Already contacted Fountain support them? Please skip to the next section.

Provide Fountain with SAML Metadata

1. Reach out to your CSM or support@fountain.com to enable SSO for your account.
2. Fountain will provide a dummy app to configure against
3. Use the IdP ID, ACS (Assertion Consumer Service) URL, and Audience URI to generate the Metadata XML
4. Provide the Metadata XML to Fountain to configure the SSO on the Fountain Side.
5. Example:

   Assertion Consumer Service URL: https://fountain.okta.com/sso/saml2/0oa6jonjnq2BHfqbg416
   Audience URI: https://www.okta.com/saml2/service-provider/spbbhfcdzvrzouiihdcg
   IdP ID: 0oa6jonjnq2BHfqbg416

Fountain Configures the XML Metadata

1. Fountain takes the information provided by your organization to configure the SSO
2. Fountain generates the 3 secrets to configure on your organization 

Configure SSO using 3 secrets

1. Take the Fountain shared secrets to configure your organization's SSO
2. After the configuration, we will generate the final Secrets for ACS URL, Audience URI, and IdP ID
3. Please ensure the SAML assertions contain the following keys:
   1. firstName
   2. lastName
   3. email
   4. timezone (optional)

User Sign In