
SSO: Setting Up Single Sign-On (SSO) Login for Your Organization

Before you begin:
Single Sign-On (SSO) is an authentication method that lets users in an organization sign in to their Wix account using their organizational profile login details. 
A screenshot of Wix's SSO login option

Step 1 | Find your Identity Provider (IdP) settings

Important:
Make sure to set the SSO configuration in your IdP settings to allow the admin to ask for consent on behalf of all users.
To set up SSO login for your organization, Wix needs some information from the settings of your Identity Provider (IdP). The information that you need to find is the Client ID, Client Secret, and the Config URL.
You can use any IdP that supports the OpenID Connect protocol. Some IdPs use different terminology for the settings information that Wix needs. Check below for some helpful info about the most common IdPs and the terminology that they use.

Azure

You can find the information you need on the App Registration page that you created for Wix on your Azure Portal. Learn more about registering an app
You need to have one of the following roles in Azure to view this information: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
| Wix name | Azure name | Where to find it |
| --- | --- | --- |
| Client ID | Application (client) ID | Under Essentials on the Overview tab |
| Client Secret | Client secret | Click the link under Client Credentials on the Overview tab |
| Config URL | OpenID Connect metadata document | Select Endpoints on the Overview tab |
A screenshot of an app registration in Azure Portal
Important:
We recommend reading Microsoft's documentation on how to configure OpenID Connect.

Okta

You can find the information you need on the OIDC app page in your Okta account. Learn more about managing your OIDC app
| Wix name | Okta name | Where to find it |
| --- | --- | --- |
| Client ID | Client ID | In the Client Credentials section of the General tab |
| Client Secret | Client secret | In the Client Credentials section of the General tab |
| Config URL | Open ID Server Discovery Endpoint | This is not found in your Okta account. You need to create this URL yourself. Use the format "https://${yourOktaOrg}/.well-known/openid-configuration", where ${yourOktaOrg} is your Okta domain. |
Important:
We recommend reading Okta's documentation on how to configure OpenID Connect.
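
Because the Okta Config URL is built by hand, it is worth checking the discovery document it returns before entering it in Wix. The following is an added example, not Wix or Okta code: the function names, the placeholder domain sso.example.com and both sample documents are constructed for illustration, and the issuer check assumes the Okta URL format shown above.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri", "userinfo_endpoint")

# Constructed sample documents (not real IdP output); sso.example.com is a placeholder.
GOOD = {
    "issuer": "https://sso.example.com",
    "authorization_endpoint": "https://sso.example.com/oauth2/v1/authorize",
    "token_endpoint": "https://sso.example.com/oauth2/v1/token",
    "jwks_uri": "https://sso.example.com/oauth2/v1/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# The same document with three defects: wrong issuer, http endpoint, unsigned tokens.
BAD = dict(GOOD, issuer="https://other.example.com",
           token_endpoint="http://sso.example.com/oauth2/v1/token",
           id_token_signing_alg_values_supported=["RS256", "none"])


def okta_config_url(okta_domain):
    """Build the Config URL in the format given above for Okta."""
    return f"https://{okta_domain}{WELL_KNOWN}"


def check_discovery(config_url, doc):
    """Return a list of problems found in a fetched discovery document (a dict)."""
    problems = []
    if urlsplit(config_url).scheme != "https" or not config_url.endswith(WELL_KNOWN):
        problems.append("config URL must be https and end with " + WELL_KNOWN)
    for field in REQUIRED:
        if field not in doc:
            problems.append(f"missing required field: {field}")
    # The issuer must equal the config URL minus the well-known suffix;
    # a mismatch means the document describes a different IdP or tenant.
    expected_issuer = config_url[: -len(WELL_KNOWN)]
    if "issuer" in doc and doc["issuer"] != expected_issuer:
        problems.append(f"issuer {doc['issuer']!r} does not match config URL")
    for field in ENDPOINTS:
        if field in doc and urlsplit(doc[field]).scheme != "https":
            problems.append(f"{field} is not https")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("IdP advertises unsigned ID tokens (alg 'none')")
    return problems
```

In practice, `doc` would be the parsed JSON body returned by a GET request to the Config URL; an empty result means none of the checks failed.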

Step 2 | Go to your account's SSO Settings

Next, you need to go to the SSO Settings section of your account's dashboard.

To go to your SSO Settings:

  1. Sign in to your Wix account.
  2. Click Settings.
  3. Click SSO & SCIM Settings.

Step 3 | Select the type of SSO login you want to allow

Wix provides two types of SSO login: SSO for employees and SSO for clients. Depending on how your account is set up for your organization, you may see one or both of these options. You can select the type of SSO login you want to set up in the SSO Settings of your dashboard.
Click Add next to the type of SSO login you want to allow:
  • SSO for employees: Allow SSO login for your organization’s employees.
  • SSO for clients: Allow SSO login for clients who use your platform.
A screenshot of the SSO types in SSO Settings
Tip:
Your account owner and any account admins (co-owners) can access your SSO Settings. You can also create a new role with the Manage SSO permission to grant access to other users in your organization.

Step 3 | Add your IdP information in SSO Settings

Next, you need to add the settings information from your Identity Provider in your Wix account's SSO Settings. This will let your Identity Provider communicate with Wix using the OpenID Connect protocol.

To add your IdP information:

  1. Enter the Client ID from your IdP in the Client ID field.
  2. Enter the Client Secret from your IdP in the Client Secret field.
  3. Select the Config URL option that you want to use: 
  4. (Optional) Copy the Logout URL value from the Logout URL field. This is a read-only URL that Wix generates based on the values you provided in the previous steps and the OpenID Connect protocol.
  5. Click Save Changes.

Step 4 | Copy the Callback URL if your IdP requires it

When a user successfully authenticates themselves using an SSO service, the SSO service redirects to a predefined URL. This URL is known as a callback URL (sometimes called a redirect URL or a reply URL).
Wix automatically generates two callback URLs based on the information that you added in the Information from your IdP section of your SSO Settings. 
The two callback URLs are:
  • Web logins URL: For users who log in using a computer
  • Mobile app logins URL: For users who log in using a mobile device
Note:
It is not possible to edit these URLs. 
The callback URLs are based on the OpenID Connect protocol. If you need to provide a callback URL to your IdP, click the Copy icon next to the relevant URL to copy it.
A screenshot of copying a callback URL in SSO Settings

Step 5 | Enable SSO login and set as required if needed

After you've added your IdP's information, you can enable SSO login to let your users sign in using SSO. You can also choose to require your users to sign in using SSO and disable all other methods for signing in.

To enable SSO login and set as required:

  1. Click the Enable SSO toggle to enable or disable SSO login:
    • Enabled: Your users can sign in to their Wix account using SSO or other methods such as an email address and password.
    • Disabled: Your users cannot sign in using SSO. They can still sign in using other methods.
A screenshot of enabling SSO logins in SSO Settings
  2. Click the Set SSO as required toggle to choose whether or not you want to require your users to sign in by SSO.
    • Enabled: Users can only sign in with SSO. They cannot sign in using other methods such as an email and password. Account owners can still sign in using other methods.
    • Disabled: Users can sign in using SSO or other methods.
Important:
Wix recommends that you manually test your SSO settings before setting SSO as required. 
  3. Click Save Changes.

Step 6 | Copy your SSO login page info

Wix generates a login page URL after you add your IdP details to the Information from your IdP section and save them. Your users can log in with SSO using this login page URL. You can also use it to test settings.
Select the login page URL and copy it to share it with your users.

Step 7 | Copy the SSO ID (SSO for clients only)

Note:
This step is only relevant if you chose SSO for Clients in Step 2.
When you choose to set up SSO for your clients, Wix generates an SSO ID after you add your IdP details to the Information from your IdP section and save them. 

This SSO ID is not part of the OpenID Connect protocol. Wix uses this ID as an identifier when we create accounts for new users who use SSO for their first sign-in.
Click the Copy icon next to the SSO ID if you need to copy it.
A screenshot of copying the SSO ID in SSO Settings

(Optional) Step 8 | Customize the Advanced settings

You can use the Advanced settings to override certain fields in your IdP's settings. This is useful when the default fields in your IdP are not defined by the OpenID Connect protocol.

To set claims override mapping:

  1. Enter the user ID you want to use in the IdP User ID field.
  2. Enter the email address you want to use in the Email field.
  3. Enter a name in the First Name field.
  4. Enter a name in the Last Name field.
  5. Enter a URL for the image you want to use for profiles in the Profile image field.
  6. Enable the JIT-Provisioning toggle if you want to create a new account when a user signs in for the first time.
  7. Click Save Changes.

Need more help?
Read more about SSO in our troubleshooting and error codes article.
