We offer several standard methods of single sign-on (SSO) integration, including Security Assertion Markup Language (SAML), Google OpenID, and simple one-way portal logins. SSO integrations can be used to make logging into the Widen Collective seamless and to create user accounts, authenticate users, and map user roles from internal databases.

You'll work with your system admin and customer success manager to determine the preferred SSO integration and implement it on your Collective site. If you've chosen a SAML or OpenID integration, either can be set up by system admins in the Admin app after you enable the appropriate feature on the Features page.

Two-factor authentication will be in place if your integrated SSO method has it in place.

Refer to the  SSO Implementation Process article for steps to follow when implementing an SSO.

Target users for SSOs include system admins and all users.


We offer a federated implementation with SAML version 2.0, or SAML2. SAML is a well-supported standard, published by the Oasis standards group, and provides federated authentication by redirecting a user’s web browser to an authentication server run by your company. Upon successful authorization, the user’s web browser is redirected back to the Collective with a security token. The security token is used to complete the authorization process.

If the SAML SSO integration is chosen, enable the SAML Integration feature on the Features page, then developers or IT personnel can configure the SAML service provider, identity provider (including certificate files), and attribute settings on the SAML Settings page in the Admin app. For technical details about configuring a SAML SSO on the SAML Settings page, refer to the  SAML SSO Configuration article or the  SAML Wikipedia page.

If you have a SAML SSO and edit the SAML information, you may receive an error message. If you receive this message, contact the Widen Central Support team for assistance with editing the SAML information.


The most common SAML implementation is with Active Directory Federation Services (ADFS). For technical details about configuring the SAML SSO for ADFS, refer to the SAML SSO Configuration for ADFS article.


Our implementation is tested against the Microsoft Windows ADFS product. Many other providers, including Novell and IBM, have SAML-compliant products.

Google OpenID

If you choose the OpenID integration, enable the Google OpenID Integration feature on the Features page, then developers or IT personnel can configure the OpenID settings, including registration code and hosted domain, on the OpenID Settings page in the Admin app.

OpenID authentication is a well-supported standard published by the OpenID Foundation. The OpenID SSO integration works in a manner similar to SAML, where the user’s browser is redirected to an authentication server and back to the Collective.

Common identity providers include Google Apps for a customer’s domain and Windows CardSpace. Refer to the OpenID Wikipedia page for more information about OpenID.

Simple one-way HTTP post

The most simplistic SSO available is the simple one-way HTTP post. The HTTP login allows one-way authentication from any system that implements the concept of individual authenticated users. It has been designed primarily for ease of implementation and follows several best practice data security policies.


Refer to the Simple One-way HTTP Post Login SSO article for technical details about this option.