SSO Configuration

Connect your identity provider (IdP) to whoot. via SAML SSO. Automate user provisioning, enforce authentication policies, and eliminate password sprawl.

Overview

whoot. supports SAML 2.0 SSO, allowing your team to sign in with their existing corporate credentials. Supported identity providers include but are not limited to:

• Okta
• Azure Active Directory (Entra ID)
• Google Workspace
• OneLogin
• Any SAML 2.0-compliant IdP

Prerequisites

• Admin access to your whoot. tenant
• Admin access to your identity provider

Step 1: Configure Your Identity Provider

In your IdP admin console, create a new SAML application with these settings:

If you're not logged in, the generic configuration values are:

• ACS URL: https://auth.whoot.me/auth/v1/sso/saml/acs
• Entity ID: https://auth.whoot.me/auth/v1/sso/saml/metadata
• Metadata URL: https://auth.whoot.me/auth/v1/sso/saml/metadata
• Metadata URL Download: https://auth.whoot.me/auth/v1/sso/saml/metadata?download=true
• Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Attribute Mapping

Map the following SAML attributes in your IdP:

Step 2: Configure whoot.

1. In whoot., go to Settings → Security → SSO
2. Paste the IdP Metadata XML or enter the IdP SSO URL and certificate manually
3. Click Save
4. Use the Test Connection button to verify the integration works before enforcing it

Step 3: Set Enforcement Mode

Choose how SSO interacts with other login methods:

• Optional — Users can sign in with SSO or email/password
• Required — All users with the verified domain must use SSO (email/password login disabled for those users)

Step 4: Testing Your Configuration

whoot. includes a built-in IdP testing tool:

1. Click Test Connection in the SSO settings
2. You'll be redirected to your IdP
3. Sign in with your corporate credentials
4. If successful, you'll see a confirmation message with the returned SAML attributes
5. If it fails, the error message will tell you exactly what went wrong

Troubleshooting

SSO login not working?

• Verify your domain is verified (check DNS records)
• Ensure the ACS URL and Entity ID match exactly
• Check that the IdP certificate hasn't expired
• Use the Test Connection tool for diagnostic information

Next Steps

• Security & Compliance — Configure MFA and audit logging
• User Roles — Set up role-based access control