SSO: Setting Up Single Sign-On (SSO) Login for Your Site Members
Important:
Currently, SSO login is only available with Wix Studio enterprise solution and Wix Channels.
Single Sign-On (SSO) is an additional authentication method that lets site members sign in to your Wix site using their organization profile login credentials. If you want certain pages on your site to be accessible only to site members who sign in with SSO, you'll first need to create members-only pages.
Once you have members-only pages, go to Site Member Settings in your site's dashboard and follow the steps below to enable SSO login for your Wix site.
Step 1 | Add your Identity Provider (IdP) information
Important:
- Wix currently supports only the OpenID Connect protocol.
- Make sure to set the SSO configuration in your IdP settings to allow the admin to ask for consent on behalf of all users.
To set up SSO login for your site members, Wix needs some information from the settings of your Identity Provider (IdP). The information that you need to find is the Client ID, Client Secret, and the Config URL.
You can use any IdP that supports the OpenID Connect protocol. Some IdPs use different terminology for the settings information that Wix needs. Check below for some helpful info about the most common IdPs and the terminology that they use.
Azure
You can find the information you need on the App Registration page that you created for Wix on your Azure Portal. Learn more about registering an app.
You need to have one of the following roles in Azure to view this information: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
| Wix name | Azure name | Where to find it |
|---|---|---|
| Client ID | Application (client) ID | Under Essentials on the Overview tab |
| Client Secret | Client secret | Click the link under Client Credentials on the Overview tab |
| Config URL | OpenID Connect metadata document | Select Endpoints on the Overview tab |
Add the settings information from your Identity Provider in your Wix account's SSO Settings. This will let your Identity Provider communicate with Wix using the OpenID Connect protocol.
To add your IdP information:
- Go to Site Member Settings in your site's dashboard.
- Click SSO Settings.
- Enter the Client ID from your IdP in the Client ID field.
- Enter the Client Secret from your IdP in the Client Secret field.
- Select the Config URL option that you want to use:
  - Standard Config URL setup
  - Override well-known config
- (Optional) Copy the Logout URL value from the Logout URL field. This is a read-only URL that Wix generates based on the values you provided in the previous steps and the OpenID Connect protocol.
- Click Save Changes.
Tip:
Your account owner and any account admins (co-owners) can access your SSO Settings. You can also create a new role with the Manage SSO permission to grant access to other users in your organization.
Step 2 | Copy the Callback URL
When a user successfully authenticates themselves using an SSO service, the SSO service redirects to a predefined URL. This URL is known as a callback URL (sometimes called a redirect URL, or a reply URL).
Wix automatically generates a callback URL based on the information that you added in the Information your IdP needs section of your SSO Settings. This is shown as the Web Logins URL.
The callback URL is based on the OpenID Connect protocol. If you need to provide a callback URL to your IdP, click the Copy icon next to the URL to copy it.
Tip:
To add your callback URL, go to:
- Okta: General settings > Login > Sign-in redirect URLs
- Azure: Authentication > Web > Redirect URLs
Step 3 | Enable SSO login and set as required if needed
After you've added your IdP's information, you can enable SSO login to let your users sign in using SSO. You can also choose to require your users to sign in using SSO and disable all other methods for signing in.
To enable SSO login and set as required:
- Go to Site Member Settings in your site's dashboard.
- Click SSO Settings.
- Click the Enable SSO toggle to enable or disable SSO login:
  - Enabled: Your users can sign in to their Wix account using SSO or other methods such as an email address and password.
  - Disabled: Your users cannot sign in using SSO. They can still sign in using other methods.
- Click the Set SSO as required toggle to choose whether or not you want to require your users to sign in by SSO.
  - Enabled: Users can only sign in with SSO. They cannot sign in using other methods such as an email and password. Account owners can still sign in using other methods.
  - Disabled: Users can sign in using SSO or other methods.
Important:
We recommend that you manually test your SSO settings before setting SSO as required.
- Click Save Changes.
Step 4 | (Optional) Copy your SSO login page info
Wix generates a login page URL after you add your IdP details to the Information from your IdP section and save them. Your users can log in with SSO using this login page URL. You can also use it to test settings.
Select the login page URL and copy it to share it with your users.
Step 5 | (Optional) Customize the Advanced settings
You can use the Advanced settings to override certain fields in your IdP's settings. This is useful when the default fields in your IdP are not defined by the OpenID Connect protocol.
To set claims override mapping:
- Enter the user ID you want to use in the IdP User ID field.
- Enter the email address you want to use in the Email field.
- Enter a name in the First Name field.
- Enter a name in the Last Name field.
- Enter a URL for the image you want to use for profiles in the Profile image field.
- Click Save Changes.
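Before entering the Config URL in Step 1 and deciding whether you need the Step 5 overrides, you can sanity-check the OpenID Connect metadata document your IdP publishes. The following is an added example, not Wix code: it assumes the five Step 5 fields correspond to the standard OIDC claims `sub`, `email`, `given_name`, `family_name` and `picture`, and it runs on a constructed metadata document for a placeholder IdP at `idp.example.com`.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata fields that OpenID Connect Discovery 1.0 marks as required
# (token_endpoint is required for any flow that uses the Client Secret).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
# Assumption: standard OIDC claims that correspond to the Step 5 fields.
STEP5_CLAIMS = {"IdP User ID": "sub", "Email": "email",
                "First Name": "given_name", "Last Name": "family_name",
                "Profile image": "picture"}

# Constructed sample: Config URL and the JSON document served at it.
SAMPLE_URL = "https://idp.example.com/tenant1/.well-known/openid-configuration"
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://idp.example.com/tenant1",
  "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
  "token_endpoint": "https://idp.example.com/tenant1/token",
  "jwks_uri": "http://idp.example.com/tenant1/keys",
  "response_types_supported": ["code"],
  "subject_types_supported": ["pairwise"],
  "id_token_signing_alg_values_supported": ["RS256"],
  "claims_supported": ["sub", "email", "name", "picture"]
}""")

def check_config(config_url, metadata):
    """Return problems in the metadata document and Step 5 fields to review."""
    problems = []
    if urlsplit(config_url).scheme != "https":
        problems.append("Config URL is not an HTTPS URL")
    problems += [f"missing required field: {k}" for k in REQUIRED if k not in metadata]
    # The document is served at <issuer>/.well-known/openid-configuration,
    # so the issuer it declares must match the URL it was fetched from.
    if config_url.endswith(WELL_KNOWN):
        expected = config_url[: -len(WELL_KNOWN)]
        if str(metadata.get("issuer", "")).rstrip("/") != expected.rstrip("/"):
            problems.append("issuer does not match the Config URL")
    for key, value in metadata.items():
        is_url_field = key.endswith("_endpoint") or key == "jwks_uri"
        if is_url_field and urlsplit(str(value)).scheme != "https":
            problems.append(f"{key} is not an HTTPS URL")
    # claims_supported is only a recommended field and may be incomplete, so a
    # missing claim is a prompt to check the IdP, not proof it is never sent.
    advertised = set(metadata.get("claims_supported", []))
    override = [f for f, claim in STEP5_CLAIMS.items() if claim not in advertised]
    return {"problems": problems, "override_fields": override}
```

On the constructed sample this reports the plain-HTTP `jwks_uri` as a problem and lists First Name and Last Name as the fields to review for an override mapping.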
Need more help?
Read more about SSO in our troubleshooting and error codes article.