SSO Configuration Guide
This article explains how to configure Single Sign-On (SSO) for WriteSea/JSG using SAML. The recommended setup method is to import the Identity Provider metadata URL because it reduces manual configuration errors and automatically fills in the required SAML settings.
Recommended Method: Automatic Configuration Using Metadata URL
WriteSea/JSG supports automatic SAML configuration by importing your Identity Provider metadata URL. This method is recommended whenever your Identity Provider provides a metadata URL.
The metadata document served at that URL usually includes the required SAML details, such as:
- Entry Point / SSO Login URL
- Issuer / Entity ID
- X.509 Signing Certificate
Step 1: Create a SAML Application in Microsoft Azure
- Sign in to the Azure Portal.
- Go to Enterprise Applications.
- Select New Application.
- Create or select the application you want to use for WriteSea/JSG SSO.
- Open Single Sign-On.
- Select SAML as the SSO method.
Step 2: Configure Azure Using WriteSea/JSG URLs
In Azure, configure the SAML application using the URLs provided by WriteSea/JSG.
| Azure Setting | Value |
|---|---|
| Identifier / Entity ID / Audience URL | https://client-url.com |
| Reply URL / Assertion Consumer Service URL / ACS URL | https://client-url.com/api/v1/sso/callback |
Replace client-url.com with your organization’s actual WriteSea/JSG portal URL.
Example:
https://yourorganization.writesea.com
https://yourorganization.writesea.com/api/v1/sso/callback
The Audience URL and Callback URL must match exactly. Even a small difference, such as an extra slash, missing protocol, or incorrect domain, can cause SSO login errors.
"Example of Azure Basic SAML Configuration showing the Identifier / Entity ID and Reply URL / ACS URL fields. The SAML Certificates section also contains the App Federation Metadata URL used for automatic metadata import."
Step 3: Copy the Azure Federation Metadata URL
After saving the SAML configuration in Azure:
- Scroll to the SAML Certificates section.
- Find App Federation Metadata URL.
- Copy the complete metadata URL.
This URL will be used inside the WriteSea/JSG Admin Portal to automatically import the SAML configuration.
Step 4: Import Metadata into WriteSea/JSG
- Log in to the WriteSea/JSG Admin Portal.
- Go to Admin → SSO Configuration.
- Click Import Metadata.
- Select Import from URL.
- Paste the App Federation Metadata URL copied from Azure.
- Click Import.
Step 5: Review the Imported Configuration
After the metadata URL is imported, WriteSea/JSG will automatically populate the required SAML fields:
- Entry Point / SSO Login URL
- Issuer / Entity ID
- X.509 Signing Certificate
No manual certificate upload is required when the metadata import is successful.
After importing, review the populated values and save the configuration.
Expected Result
Once the configuration is completed successfully:
- SSO settings are configured in WriteSea/JSG.
- Azure and WriteSea/JSG are connected through SAML.
- Users can sign in using their organization’s Azure credentials.
- Authentication redirects users from WriteSea/JSG to Azure and then back to the WriteSea/JSG portal after successful login.
Manual Configuration Method
Use manual configuration only if your Identity Provider does not provide a metadata URL.
In this case, the administrator must manually enter the following details in the WriteSea/JSG Admin Portal under Admin → SSO Configuration:
- Entry Point / SSO Login URL
- Issuer / Entity ID
- X.509 Signing Certificate
These values must be copied from the Identity Provider.
"Example of Azure setup values used for manual configuration, including Login URL, Microsoft Entra Identifier, and Logout URL."
Information Required by the Identity Provider
When creating the SAML application on the Identity Provider side, provide the following WriteSea/JSG URLs:
| Required Field | Value |
|---|---|
| Audience URL / Entity ID | https://client-url.com |
| Callback URL / ACS URL | https://client-url.com/api/v1/sso/callback |
Replace client-url.com with the organization’s actual WriteSea/JSG portal URL.
Information Required by WriteSea/JSG
The Identity Provider must provide the following details back to WriteSea/JSG:
- Entry Point / Authentication URL
- Issuer / Unique Entity ID
- X.509 Public Signing Certificate
- Metadata URL, if available
Tested Identity Providers
The following Identity Provider has been tested:
- Microsoft Azure / Microsoft Entra ID
Portal: portal.azure.com
Testing and Troubleshooting Notes
Before testing SSO, confirm the following:
- The user is assigned to the SAML application in Azure.
- The user exists in WriteSea/JSG, if user pre-provisioning is required.
- The user’s email address in Azure matches the email address expected by WriteSea/JSG.
- The Audience URL and Callback URL are correct.
- The certificate is active and valid.
- The metadata URL is accessible and has been imported successfully.
If SSO works for one user but not another, the issue is usually related to user assignment, email claim mismatch, permissions, or account availability in the Identity Provider.
For QA testing, make sure the test user account is properly assigned to the SAML application in Azure and uses the same email identity expected by WriteSea/JSG.
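An added troubleshooting example (not WriteSea/JSG code): it decodes a base64 SAMLResponse and lists where the Audience, Recipient and NameID differ from the values this guide requires, using exact string comparison. The sample response is constructed and unsigned, and reading the user's email from NameID is an assumption about how the claim is sent.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_PATH = "/api/v1/sso/callback"  # callback path from the table in this guide


def build_sample_response(audience, recipient, name_id):
    """Constructed, unsigned SAMLResponse for the demo (not captured traffic)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
        ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID>"
        "<saml:SubjectConfirmation>"
        f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
        "</saml:SubjectConfirmation></saml:Subject>"
        "<saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


def diagnose(saml_response_b64, portal_url, expected_email):
    """List mismatches between an assertion and the SP settings.

    Diagnostic only: the XML signature is NOT verified here.
    """
    raw = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD content is not expected in a SAML response")
    root = ET.fromstring(raw)
    aud = root.find(".//saml:Audience", NS)
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    nid = root.find(".//saml:NameID", NS)
    got = {
        "audience": aud.text.strip() if aud is not None and aud.text else None,
        "recipient": scd.get("Recipient") if scd is not None else None,
        "name_id": nid.text.strip() if nid is not None and nid.text else None,
    }
    want = {
        "audience": portal_url,
        "recipient": portal_url + ACS_PATH,
        "name_id": expected_email,  # assumption: email is sent as NameID
    }
    # Exact string comparison: a trailing slash or http:// counts as a mismatch.
    return [f"{k}: got {got[k]!r}, expected {want[k]!r}"
            for k in want if got[k] != want[k]]
```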
Recommendation
We strongly recommend using the Import Metadata URL method whenever available. This approach is faster, reduces manual copy-paste errors, and ensures the required SAML values are imported directly from the Identity Provider metadata.
If the Identity Provider configuration changes later, re-import the metadata or verify the SSO settings again in the WriteSea/JSG Admin Portal.