23_WinCan_Web_SSO_EN

Open

Single Sign-On (SSO) allows for the people from your company to log into WinCan Web using your company’s own log-in scheme. Each of your users will have their own unique Single Sign-On ID that they can use to directly login into their user account.
This manual will explain how to use and configure SSO for your WinCan Web company.

🔐 1. Logging in

To log in with your company’s SSO provider, ask your company’s administrator for any of the following:

1. Automatic SSO login link
   With an automatic SSO login link you can quickly log in to WinCan Web using your SSO provider’s credentials without seeing the WinCan login page.

2. Unique SSO name
   Using your company’s unique SSO name you can log in using the WinCan login page via the “Sign in with SSO” button:

   Open

   

   
   Here you’ll be able to use the unique SSO name provided by your company’s admin to log in with your SSO provider’s credentials:

You will be redirected to your SSO provider’s login page allowing you to log in to WinCan Web using your company’s account.

⚙️ 2. Configuring SSO

2.1. Finding SSO configuration form

To configure the SSO provider for your company, follow highlighted steps in WinCan Web:

Once enabled you can begin configuring your SSO provider.

2.2 Configuring SSO provider

To configure your SSO provider in WinCan Web follow the provided setup form. For streamlining the process we have prepared templates for some popular SSO providers, including Microsoft Azure , Google Cloud, and Okta.

Your first step is to fill the unique SSO name. This name will be used by your company’s users to log in to WinCan Web via your SSO provider. It should be short and simple and should uniquely identify your company.

Once you provide a correct name you can continue to this guide section that fits your SSO provider.

2.2.1 Microsoft Azure

If you use Microsoft Azure as your SSO provider, first select it from the drop-down menu and click next:

Then log in to your company’s Microsoft Azure Portal and find Microsoft Entra ID:

Next add a new app registration:

Fill a name and in the Redirect URI section select Web from the drop-down list and paste the Sign-In Redirect from the WinCan Web SSO configuration form:

After registering the app in Microsoft Entra ID, fill the provided Tenant ID and Client ID in the next step of the SSO configuration form, then click the Add a certificate or secret button:

To add a new secret click the New client secret button and click Add in the popup window. You can optionally fill description and expiration time:

Once added, copy the newly created secret to the SSO configuration form and save:

Congratulations! You can now share the unique SSO name and/or the automatic SSO login link with your users.

2.2.2 Google Cloud

If you use Google Cloud as your SSO provider, first select it from the drop-down menu and click next:

Then log in to your company’s Google Cloud Console and find APIs & Services:

In the APIs & Services menu create new OAuth client ID credentials:

From the Application Type drop-down menu select Web application, fill in the name, add and fill URIs as presented from the WinCan Web SSO configuration form:

After creating the credentials you will be presented with the Client ID and Client Secret values, fill them in the WinCan Web SSO configuration form, but don’t save yet - you will have to use those values in the next step.

After copying the Client ID and Client Secret find Identity Platform in the Google Cloud Console:

In the Identity Platform service add a new provider:

Next in the Select a provider drop-down menu select Google, fill previously copied Client ID and Client Secret and then click the Add Domain button:

In the Add authorized domain popup window fill the domain with Trusted Origin provided in the 3rd step of the WinCan Web SSO configuration form:

Congratulations! You can now share the unique SSO name and/or the automatic SSO login link with your users.

2.2.3 Okta

If you use Okta as your SSO provider, first select it from the drop-down menu and click next:

Then log in to your company’s Okta Admin Console and create a new App Integration:

In the popup menu select OIDC - OpenID Connect sign-in method and Web Application application type:

Next choose a name and fill the Sign-in redirect URIs and Base URIs fields with Sign-In Redirect and Trusted Origin values from the WinCan Web SSO configuration form as shown:

After saving you can fill the Client ID and Client Secret in the WinCan Web SSO configuration form:

To find your Okta domain go to the Brands section in the Okta Admin Console:

Congratulations! You can now share the unique SSO name and/or the automatic SSO login link with your users.

2.2.4 Other / Custom

If you have an SSO provider that is not listed or if you host your own SSO solution, you’ll be required to provide a Client ID and a Client Secret provided by your provider or solution, as well as the Domain where the provider or solution is hosted.

To start, please select the Other / Custom option from the drop-down menu in the WinCan Web SSO configuration form

Then open your SSO provider or SSO solution configuration and provide some information about WinCan Web:

Trusted Origin is the URI for which the authentication requests will be directed from.

Sign-In Redirect is the URI which will be used by the SSO provider or SSO solution to return to WinCan Web after successful log in.

After setting up WinCan Web in your SSO provider or SSO solution, please fill the required information:

Client ID and Client Secret are provided by your SSO provider or SSO solution in order to identify and authorize WinCan Web.

Domain is the base URI used by your SSO provider or SSO solution.

If everything went well you can save the SSO configuration.

Congratulations! You can now share the unique SSO name and/or the automatic SSO login link with your users.