Setting Up Single Sign On (SSO) for your Firmex Subscription

Here you’ll find a how-to guide on adding the Firmex VDR to your company’s SSO implementation. Our support team is here to walk you through it. Reach us anytime at 1 888 688 4042 x11 or email support@firmex.com.

Before you get started

What you’ll need

  • An active Firmex subscription
  • OneLogin, Azure AD, or Okta as your SSO service (we will be supporting other SAML 2.0 based IdPs in the near future).
  • Your IT administrator to configure SSO
  • Once SSO is enabled, all of your company’s users must log in to Firmex using SSO, and not using a login/password.

How long will this take?

Implementing SSO takes a few minutes. There is virtually no downtime between Firmex Support enabling SSO for your site, and your company’s users authenticating using SSO. Just follow the steps below.

Configuring your side

Below you’ll find three examples of configuring SSO on your side. Your specific configuration may be different depending on your Identity Provider.

Configuring the Firmex side

Step 1 - Identify your company’s domains

Identify the domains with which your company’s users are logging in.

For example:

  • @firmex.com
  • @firmex.ca

Step 2 - Contact Firmex Support with your domains

Email support@firmex.com or call 1888 688 4042 x.11 to speak to Firmex Support. Pass along your domain information. Firmex Support will add the domains to your VDR as “claimed domains”. Your admin must now configure SSO.

Warning: Until your site admin configures the claimed domains, your company’s users will not be able to log in to the VDR. Non-company users (i.e. guest users) can still log in using their email/password. Configuration should take a few minutes.

Step 3 - Configure the claimed domains

  1. Log in to Firmex as a Site Administrator.
  2. From the top-left corner, click your company logo.
  3. Select the SSO tab. Then select SSO Configuration. Click the domain you want to configure.

edit-sso.png
Have your IT Administrator fill in the following fields. The fields should be taken from your identity provider:
SSO-config.png

  • Entity ID - The globally unique name for an SAML entity, either the Identity Provider or a Service Provider.
  • Identity Provider URL - The address where the SAML request is posted to.
  • Public Key Certificate - For authentication purposes, a SAML message may be digitally signed by the issuer. To verify the signature on the message, the message receiver uses a public key known to belong to the issuer. Similarly, to encrypt a message, a public encryption key belonging to the ultimate receiver must be known to the issuer. In both situations—signing and encryption—trusted public keys must be shared in advance.

Click Finish to complete the SSO configuration. Changes take effect immediately.

At this time, SSO is enabled for your site.

Log In to Firmex Using SSO

If SSO has been enabled for your VDR, users logging in from a claimed and configured domain will encounter the following flow:

From login.firmex.com or companyName.firmex.com

  1. User enters their Email Address.
  2. User is redirected to their IdP login page to authenticate using their credentials.
  3. User may access Firmex VDR from their list of authorized applications.

From your IdP login page (e.g. onelogin.companyName.com)

  1. User logs in using their credentials.
  2. User may access Firmex VDR from their list of authorized applications.

FAQ

Q: How do I reset a user’s password? Will the “Forgotten Password” link still work?
A: For SSO users, credentials - including forgotten passwords - will be handled by the identity provider, not by Firmex. Password resets will be suppressed.

Q. Will this work with our two factor authentication?
A: SSO will provide Firmex with an authenticated token allowing the user to access Firmex with the rights and privileges that they have been configured for. The SSO service that is used by the customer may provide two factor authentication and other services that are configured by the customer’s security administrator.

Q: I use Active Directory Federation Services (ADFS) for SSO. Can I sign up?
A: ADFS is not currently in our immediate plans for implementation. Please contact your Account Manager for additional information.

Q: Will we support provisioning and deprovisioning of users?
A: Not at this time. However, we are currently looking into support for provisioning and deprovisioning of users via the System for Cross-domain Identity Management (SCIM) standard.

Q: We don’t use SAML. Can we use use Google or Salesforce as our identity provider (IdP)?
A: Firmex is currently focused on compatibility with the SAML 2.0 standard, as it is the standard that the vast majority of our current customers have implemented.

Q: Does the desktop client and mobile application work with SSO?
A: During the early preview, the desktop client and mobile application will not work with SSO. They will both become available once SSO is generally available.

Q: One of our users has access to multiple Firmex VDRs (e.g. vdr1.firmex.com and vdr2.firmex.com). When I remove her access from our identity provider, is her access removed from all of those Firmex VDRs?
A: Removing a user’s access to the application from your IdP removes the user's access from all projects across the user's Firmex instances. However, a record of the user having accessed those sites remains, and the user will remain in the site's user list, albeit as inactive.