What's SSO for?

Managing user accounts in Frontify can be a tedious task if you want to share your style guide within a large company. Often, employees come and go and you do not want to end up updating the user access for them all the time.

With SSO you can give automatic viewing access to all (or parts of) employees of your company. You don't need to manage their access to Frontify nor do users have to create a profile with a new password to remember. When activated, the login page shows an additional login button above standard login-form.  

Availability

SSO is available for Business and Enterprise Accounts and can be activated for a one-time setup fee. Make sure that your system supports the SAML 2.0 standard. Most systems do, please contact us for other SSO connectors.

Configuration

The following information is needed in order to configure SSO for your account.

  • Entity ID 
  • SSO Service URL
  • Certificate (x509)
  • Button Label on the login page, e.g. "Employee Login", "Login via Brand Portal"
  • E-Mail domains of your users, e.g. de.frontify.com, us.frontify.de

Upon providing these information, you will receive metadata for the service provider configuration on your side including Audience URI, SSO URL / ACS, default Relay State.

The following fields must be part of the SSO request response:

  • Name ID Format: EmailAddress
  • Application Username: Email

including the following attributes:

  • User.email
  • User.FirstName
  • User.LastName

Finally, you can decide to which styleguides/projects SSO users should get viewing access and to which page users are redirected upon login. You can choose to redirect into your main styleguide, or the dashboard (standard). 

Appendix:

Tutorial how to implement SAML 2 on Microsoft Windows ADFS
SSO - Okta Configuration Example

Did this answer your question?