Fireworks uses single sign-on (SSO) as the primary mechanism to authenticate with the platform. By default, Fireworks supports Google SSO.

If you have an enterprise account, Fireworks supports bringing your own identity provider using:

  • OpenID Connect (OIDC) provider
  • SAML 2.0 provider

Coordinate with your Fireworks AI representative to enable the integration.

OpenID Connect (OIDC) provider

1. Create OIDC client application

Create an OIDC client application in your identity provider, e.g. Okta.

2. Configure client

Ensure the client is configured for “code authorization” of the “web” type (i.e. with a client_secret).

3. Set redirect URL

Set the client’s “allowed redirect URL” to the URL provided by Fireworks. It looks like:

https://fireworks-<your-company-name>.auth.us-west-2.amazoncognito.com/oauth2/idpresponse

4. Note down client details

Note down the issuer, client_id, and client_secret for the newly created client. You will need to provide these to your Fireworks.ai representative to complete your account setup.

SAML 2.0 provider

1. Create SAML 2.0 application

Create a SAML 2.0 application in your identity provider, e.g. Okta.

2. Set SSO URL

Set the SSO URL to the URL provided by Fireworks. It looks like:

https://fireworks-<your-company-name>.auth.us-west-2.amazoncognito.com/saml2/idpresponse

3. Configure Audience URI

Configure the Audience URI (SP Entity ID) as provided by Fireworks. It looks like:

urn:amazon:cognito:sp:<some-unique-identifier>

4. Create Attribute Statement

Create an Attribute Statement with the name:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

and the value user.email

5. Keep default settings

Leave the rest of the settings as defaults.

6. Note down metadata URL

Note down the “metadata URL” for your newly created application. You will need to provide this to your Fireworks AI representative to complete your account setup.

Troubleshooting

Invalid samlResponse or relayState from identity provider

This error occurs if you are trying to use identity provider (IdP) initiated login. Fireworks currently only supports service provider (SP) initiated login.

See Understanding SAML for an in-depth explanation.

Required String parameter ‘RelayState’ is not present

See above.
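
A structural pre-flight check for the SAML settings and the IdP-initiated failure described above, as an added example (not Fireworks' own code). It inspects a base64-decoded SAMLResponse from your own IdP's test login and does not verify signatures. The ACS and AUDIENCE values are constructed placeholders, and check_saml_response and sample_response are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
# Constructed stand-ins for the values Fireworks provides (assumptions).
ACS = "https://fireworks-example.auth.us-west-2.amazoncognito.com/saml2/idpresponse"
AUDIENCE = "urn:amazon:cognito:sp:us-west-2_EXAMPLE"


def check_saml_response(xml_text, expected_acs, expected_audience):
    """Return problems found in a decoded SAML Response (empty list = OK).

    Structural checks on your own IdP's test output; no signature validation.
    """
    root = ET.fromstring(xml_text)
    problems = []
    # An SP-initiated response answers an AuthnRequest, so InResponseTo is set.
    if not root.get("InResponseTo"):
        problems.append("no InResponseTo: IdP-initiated (unsolicited) response")
    if root.get("Destination") != expected_acs:
        problems.append("Destination does not match the SSO URL")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append("Audience URI (SP Entity ID) mismatch")
    names = [a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)]
    if EMAIL_CLAIM not in names:
        problems.append("emailaddress attribute statement missing")
    return problems


def sample_response(in_response_to, attr_name):
    """Build a constructed, unsigned SAML Response for the demo."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="_r1" Version="2.0" Destination="{ACS}"{irt}>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="{attr_name}">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    good = sample_response("_req42", EMAIL_CLAIM)
    bad = sample_response(None, "email")  # IdP-initiated, wrong attribute name
    print(check_saml_response(good, ACS, AUDIENCE))
    print(check_saml_response(bad, ACS, AUDIENCE))
```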