FleetWorks supports enterprise-level Single Sign-On (SSO) for any identity provider compatible with the SAML 2.0 protocol. This is a non-exclusive list of supported identity providers:

  • Google Workspace (formerly known as G Suite)
  • Okta, Auth0
  • Microsoft Active Directory, Azure Active Directory, Microsoft Entra
  • PingIdentity
  • OneLogin

Terminology

The number of SAML and SSO acronyms can often be overwhelming. Here’s a glossary which you can refer back to at any time:

  • Identity Provider, IdP, or IDP: An identity provider is a service that manages user accounts at a company or organization. It can verify the identity of a user and exchange that information with FleetWorks and other applications. It acts as a single source of truth for user identities and access rights. Commonly used identity providers include Microsoft Active Directory (Azure AD, Microsoft Entra), Okta, Google Workspace (G Suite), PingIdentity, OneLogin, and many others.
  • Service Provider, SP: This is the software that is asking for user information from an identity provider. In FleetWorks, this is our authentication server.
  • Assertion: A statement issued by an identity provider that contains information about a user.
  • EntityID: A globally unique ID (usually a URL) that identifies an Identity Provider or Service Provider.
  • NameID: A unique ID (usually an email address) that identifies a user at an Identity Provider.
  • Metadata: An XML document describing the features and configuration of an Identity Provider or Service Provider. It can be a standalone document or a URL. Often, the EntityID is the URL for the Metadata.
  • Certificate: FleetWorks trusts assertions from an Identity Provider based on the signature attached to the assertion. This signature is verified using the certificate found in the Metadata.
  • Assertion Consumer Service (ACS) URL: The URL where FleetWorks accepts assertions from an identity provider after the identity provider has verified the user’s identity.
  • Binding (Redirect, POST, or Artifact): Describes how an identity provider communicates with FleetWorks Auth. Common methods include HTTP Redirects (Redirect), POST requests via HTML forms, or Artifact for more secure exchanges.
  • RelayState: State used by FleetWorks to hold information about a user verification request during the SSO flow.

Important SAML 2.0 Information

Below is information about FleetWorks’s SAML 2.0 configuration which you can share with your Identity Provider administrator when setting up the integration.

| Setting | Value | Notes |
| --- | --- | --- |
| EntityID | https://db.fleetworks.ai/auth/v1/sso/saml/metadata | Also known as SP Entity ID or Audience URI. |
| Metadata URL | https://db.fleetworks.ai/auth/v1/sso/saml/metadata | Provides configuration details for FleetWorks. |
| Metadata URL (download) | https://db.fleetworks.ai/auth/v1/sso/saml/metadata?download=true | Use this link to download the XML file if needed. |
| ACS URL | https://db.fleetworks.ai/auth/v1/sso/saml/acs | Assertion Consumer Service URL. Also known as Single Sign-On URL or Reply URL. |
| SLO URL | https://db.fleetworks.ai/auth/v1/sso/slo | Single Logout URL. (See note below) |
| NameID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress or urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | We recommend using emailAddress. |
| NameID Value Required | Email Address | The user’s email address must be sent as the NameID. |

SLO (Single Logout) is not currently supported by FleetWorks. The SLO URL is registered for future availability. Consider using Session Timebox or Session Inactivity Timeout features with your IdP to enforce regular re-authentication.
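
When an IdP integration fails, the usual cause is a mismatch with one of the settings in the table above. The following is an added example, not FleetWorks code: it inspects a decoded SAML Response from a test login and reports which table values the IdP got wrong. The function names, the sample response and the user alice@example.com are constructed for illustration, and the script does not verify signatures or validity times.

```python
import re
import xml.etree.ElementTree as ET

# SP values copied from the settings table on this page.
ENTITY_ID = "https://db.fleetworks.ai/auth/v1/sso/saml/metadata"
ACS_URL = "https://db.fleetworks.ai/auth/v1/sso/saml/acs"
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PERSISTENT_FMT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_response(xml_text):
    """List mismatches between a decoded SAML Response and the table values.
    Troubleshooting aid only: it does NOT verify signatures or validity times."""
    root = ET.fromstring(xml_text)  # run on your own test captures only
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the ACS URL")
    audiences = [(e.text or "").strip() for e in root.findall(".//a:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not include the SP EntityID")
    recipients = [e.get("Recipient") for e in root.findall(".//a:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append("Recipient is not the ACS URL")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None:
        problems.append("NameID is missing")
        return problems
    if name_id.get("Format") not in (EMAIL_FMT, PERSISTENT_FMT):
        problems.append("NameID Format is not one of the two accepted formats")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", (name_id.text or "").strip()):
        problems.append("NameID value is not an email address")
    return problems

def sample_response(audience=ENTITY_ID, name_id="alice@example.com", fmt=EMAIL_FMT):
    """Constructed, unsigned sample; the IdP and user are hypothetical."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="{NS['a']}" Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="{fmt}">{name_id}</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
```

Calling `check_response(sample_response())` returns an empty list; a response whose Audience was set to the ACS URL, a common mix-up between the two fields, is reported as an Audience mismatch.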