Single Sign-On (SSO) lets your users log in to Whistleblower Software using the identity provider your organization already uses, instead of managing a separate password. This means users sign in once through your company's system and are automatically authenticated.
Whistleblower Software supports the following SSO methods:
Google OAuth 2.0: The simpler option for organizations using Google Workspace. No metadata files required. See the Login with Google article to set this up.
Microsoft OAuth 2.0: The simpler option for organizations using Microsoft 365. No metadata files required. Enabled directly in Settings.
SAML 2.0: A more advanced protocol supported by most enterprise identity providers, including Google (SAML), Microsoft Azure, AWS, Okta, and Ping. Use this if your organization requires centralized identity management or your IT policy mandates SAML.
The SAML 2.0 login option is available only on the Advanced plan.
Which Option Should You Choose?
If your organization uses Google Workspace or Microsoft 365 and doesn't have a specific IT requirement for SAML, use the OAuth option. It takes minutes to enable and requires no configuration on the identity provider side.
If your organization uses a dedicated identity provider such as Okta, Ping, or AWS, or if you need centralized user access control, use SAML 2.0 and follow the relevant guide in this collection.
Before You Start with SAML
Before setting up SAML, make sure the following are in place:
You have admin or system technician access to Whistleblower Software and admin access to your identity provider.
Users are already created in Whistleblower Software. Users are not created automatically on first login.
Your identity provider supports signed responses or assertions. SAML 2.0 is supported for all providers that can sign their responses.
The email address used in your identity provider must exactly match the email address of an existing user in Whistleblower Software.
Three Requirements That Apply to All SAML Setups
Regardless of which identity provider you use, the following must always be configured correctly or login will fail:
Signed responses or assertions must be enabled in your identity provider.
The Subject or Name ID must be mapped to the user's email address.
The user attempting to sign in must already exist in Whistleblower Software. Just-in-time (JIT) user creation is not supported.
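A preflight check for the three requirements above, run against a decoded SAML response captured from a test login. This is an added example, not Whistleblower Software's code: the function names, sample responses and user list are constructed, the exact string comparison of emails is an assumption, and the check only confirms that a signature element is present, it does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def preflight(response_xml, existing_emails):
    """Return a list of problems; an empty list means all three checks pass."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in the response"]
    problems = []
    # Requirement 1: a ds:Signature directly under the Response or the Assertion.
    # Presence only; cryptographic validation is the service provider's job.
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither the Response nor the Assertion is signed")
    # Requirement 2: Subject/NameID must carry the user's email address.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    email = (name_id.text or "").strip() if name_id is not None else ""
    if "@" not in email:
        problems.append(f"NameID {email!r} is not an email address")
    # Requirement 3: the user must already exist (no JIT creation).
    # Exact, case-sensitive comparison is an assumption of this example.
    elif email not in existing_emails:
        problems.append(f"no existing user with email {email!r}")
    return problems

def sample(name_id, signed):
    """Build a constructed, minimal response; the Signature is an empty placeholder."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>' if signed else ""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Assertion>{sig}<saml:Subject><saml:NameID>{name_id}</saml:NameID>"
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )

USERS = {"alice@example.com"}  # constructed list of existing user emails

if __name__ == "__main__":
    for nid, signed in [("alice@example.com", True), ("alice", False),
                        ("Alice@example.com", True)]:
        print(nid, signed, preflight(sample(nid, signed), USERS) or "OK")
```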
We’re here to support you. If you have questions, reach out to us directly via the Messenger icon in the bottom right corner of your screen, or send us an email at support@whistleblowersoftware.com.