Articles in this section

How to get started with Single Sign-On?

Overview

Single sign-on (SSO) is an authentication process that allows users to access multiple applications with one set of login credentials. Forethought supports SSO authentication in order to provide users a seamless sign-on experience. SSO integration with the Forethought Dashboard provides easy access for larger teams without the burden of managing login credentials.

 

Enabling SSO for User Authentication

Prerequisites

You must have an active Forethought Dashboard account with company admin access. If access is needed, please reach out to support.

 

Supported features

  • SP-initiated SSO (Single Sign-On)

Configuration Steps

Access Forethought Dashboard Settings company-name.forethought.app/sso-settings

 

1. Set Up Application with Metadata XML: Setup a custom application with your Identity Provider (ex: Okta, Azure, etc.) and generate the metadata XML file. You can add via the URL or upload the .xml file.

mceclip0.png

2. Test the SSO configuration: Once you have uploaded the .xml file, please test the SSO with the URL provided under the "Enable SSO" section.

 

3. Successfully Test then Enable SSO: Once you have completed testing successfully and the application is set up with assigned users, please click "Enable SSO" to enable for the organization.

 

4. Enable Bookmark App: This SAML configuration solely supports SP-initiated SSO, with the Service Provider being the Forethought Dashboard. Therefore, you'll need to establish a bookmark app (e.g., an Okta bookmark) that directs to company-name.forethought.app/single-sign-on.

SP-initiated SSO

1. Navigate to your account URL such as acme.forethought.app
2. Press on the button: Sign in with your identity provider

image (40).png

 

Enabling SCIM for Automatic Provisioning (Beta)

Supported features

  • SCIM Create User (Beta)
  • SCIM Update User (Beta)
  • SCIM De-provision User (Beta)

Configuration Steps

Access Forethought Dashboard Settings company-name.forethought.app/sso-settings

1. Login to your Okta account

2. Click Admin

3. Click the Forethought AI application

4. In the Sign On tab, ensure that Application username format is set to Email

5. Go to the Provisioning tab and click Configure API Integration

6. Access Forethought Dashboard Settings company-name.forethought.app/sso-settings

7. In the Configure SCIM section, press "Enable SCIM".

8. In the Configure SCIM section,  press on "Copy API key".

9. In Okta, toggle Enable API Integration and paste Token into the API Token field, then click Save.

10. Enable Create Users, Update User Attributes, Deactivate Users

Screenshot 2024-04-11 at 5.10.01 PM (1).png

Troubleshoot 

Please contact us via chat or email at support@forethought.ai for help troubleshooting SSO setup.

Was this article helpful?
4 out of 4 found this helpful

More resources

  • Need support?

    Submit a request and our support team will assist you

  • Business hours

    Monday to Friday 8am - 5pm PST excluding US holidays

  • Contact us

    support@forethought.ai