Single Sign-On (SSO) allows your team to log in to Forwood One using your organisation’s existing identity provider, making access simpler, faster, and more secure.
To set up SSO, Forwood will work closely with your IT team to guide you through the configuration process.
How the SSO Setup Works
The SSO setup involves coordination between your organisation and Forwood, following the steps below.
Step 1: Request SSO Enablement
Who: Client
Action:
Inform your Forwood CSM that you would like SSO enabled for your organisation.
Your Client Success Manager will:
Confirm the request
Coordinate with Forwood’s IT Team
Share detailed configuration instructions with your IT Team
Step 2: Create the Application in Microsoft Azure AD
Who: Client IT Team
Log in to the Microsoft Azure Portal
Go to Enterprise Applications
Click Add a new application
Select Create your own application
Name the application clearly (e.g. Forwood One)
Step 3: Configure SAML Authentication
Who: Client IT Team
Open the newly created application
Navigate to Single Sign-On
Select SAML as the authentication method
Edit the Basic SAML Configuration
Enter the required values provided by Forwood IT (sent via email)
⚠️ Important:
The values below are examples only. Exact URLs and identifiers will be provided by Forwood.
EU Example
Setting | Value |
Reply URL (Assertion Consumer Service URL) | |
Sign-On URL | https://id.eu.forwood.one/sso-login/<client_name> |
Relay State | https://id.eu.forwood.one/sso-login/<client_name> |
Logout URL | |
Identifier (Entity ID) | urn:amazon:cognito:sp:eu-west-1_xxxxxxxxxxx |
US Example
Setting | Value |
Reply URL (Assertion Consumer Service URL) | |
Sign-On URL | https://id.us.forwood.one/sso-login/<client_name> |
Relay State | https://id.us.forwood.one/sso-login/<client_name> |
Logout URL | |
Identifier (Entity ID) | urn:amazon:cognito:sp:us-west-2_xxxxxxxxxxx |
Step 4: Configure Attributes & Claims
Who: Client IT Team
Open Attributes & Claims
Select user.mail
Change the source to Transformation
Apply the ToLowercase transform
Set the attribute name to user.mail
This ensures email addresses are consistently formatted for authentication.
Step 5: Assign Users or Groups
Who: Client IT Team
If Assignment Required is enabled:
Assign users or groups to the application
Confirm that assigned users have the correct access permissions
Step 6: Share Metadata with Forwood
Who: Client IT Team
Once configuration is complete:
Copy the App Federation Metadata URL
Send it to help@forwoodsafety.com
Forwood will use this to validate and finalise the SSO setup.
Step 7: Forwood Enables SSO
Who: Forwood
Forwood activates SSO for your organisation
Your dedicated SSO login link is shared, for example:
https://id.saas.forwoodsafety.com/sso-login/yourorganisationname
Step 8: Validate SSO Access
Who: Client
Test logging in using the SSO link
Confirm that assigned users can access Forwood One successfully
Once validated, SSO can be enabled for all users in your portal.
If any issues arise, Forwood Support is available via:
Forwood Support Bot
Need Help?
If you have questions or need additional support:
Reach out to your Forwood Customer Success Manager
Email our Support Team at help@forwoodsafety.com
