Add-On Feature

Fountain supports the Single Sign On (SSO) functionality for users. Companies that want their employees to use centralized, company-controlled single sign-on or “SSO” to log into Fountain can add Fountain as a “service provider” (login destination) to many cloud and on-premise identity providers, as well as to custom authentication solutions that support the SAML 2.0 standard. This article will help you set up SSO with Fountain for your organization.

What's Covered 

• Get Started with SSO
• Provide Fountain with SAML Metadata
• Fountain Configures XML Metadata
• Configure SSO Using 3 Secrets 

Get Started with SSO

Fountain's SSO functionality is available as a premium feature and is in early, limited release.  Please contact your Account Manager or Customer Success Manager if you're interested in this feature.

Provide Fountain with SAML Metadata

1. Confirm with your Customer Success Manager that the SSO feature has been enabled for your account.
2. Fountain will provide a dummy app to configure against
3. Use the IdP ID, ACS (Assertion Consumer Service) URL, and Audience URI to generate the Metadata XML
4. Provide the Metadata XML to Fountain to configure the SSO on the Fountain Side.
5. Example:

   Assertion Consumer Service URL: https://fountain.okta.com/sso/saml2/0oa6jonjnq2BHfqbg416
   Audience URI: https://www.okta.com/saml2/service-provider/spbbhfcdzvrzouiihdcg
   IdP ID: 0oa6jonjnq2BHfqbg416

Fountain Configures the XML Metadata

1. Fountain takes the information provided by your organization to configure the SSO
2. Fountain generates the 3 secrets to configure on your organization 

Configure SSO using 3 secrets

1. Take the Fountain shared secrets to configure your organization's SSO
2. After the configuration, we will generate the final Secrets for ACS URL, Audience URI, and IdP ID
3. Please ensure the SAML assertions contain the following keys:
   1. firstName
   2. lastName
   3. email
   4. timezone (optional)

User Sign In