Custom SSO
Set up custom Single Sign-On (SSO) authentication for Fireworks AI
Fireworks uses single sign-on (SSO) as the primary mechanism to authenticate with the platform. By default, Fireworks supports Google SSO.
If you have an enterprise account, Fireworks supports bringing your own identity provider using:
- OpenID Connect (OIDC) provider
- SAML 2.0 provider
Coordinate with your Fireworks AI representative to enable the integration.
OpenID Connect (OIDC) provider
Create OIDC client application
Create an OIDC client application in your identity provider, e.g. Okta.
Configure client
Ensure the client is configured for “code authorization” of the “web” type (i.e. with a client_secret).
Set redirect URL
Set the client’s “allowed redirect URL” to the URL provided by Fireworks. It looks like:
Note down client details
Note down the issuer, client_id, and client_secret for the newly created client. You will need to provide this to your Fireworks.ai representative to complete your account set up.
SAML 2.0 provider
Create SAML 2.0 application
Create a SAML 2.0 application in your identity provider, e.g. Okta.
Set SSO URL
Set the SSO URL to the URL provided by Fireworks. It looks like:
Configure Audience URI
Configure the Audience URI (SP Entity ID) as provided by Fireworks. It looks like:
Create Attribute Statement
Create an Attribute Statement with the name:
and the value user.email
Keep default settings
Leave the rest of the settings as defaults.
Note down metadata URL
Note down the “metadata url” for your newly created application. You will need to provide this to your Fireworks AI representative to complete your account set up.
Troubleshooting
Invalid samlResponse or relayState from identity provider
This error occurs if you are trying to use identity provider (IdP) initiated login. Fireworks currently only supports service provider (SP) initiated login.
See Understanding SAML for an in-depth explanation.
Required String parameter ‘RelayState’ is not present
See above.
Was this page helpful?