Set up Single Sign-On (SSO) on Wondercraft

Last updated: March 13, 2026

Note that this feature is available to Enterprise plan users.

Welcome! This guide will walk you through setting up Single Sign-On (SSO) for your organization using the modern OpenID Connect (OIDC) protocol.

Configuring SSO allows your team to log in to Wondercraft securely and conveniently using your existing company credentials (e.g., Microsoft Entra ID, Google Workspace, Okta).

Overview of the Setup Process

The SSO setup is a collaborative process that involves a two-way exchange of configuration information between you and our team.

You: Create a new application in your Identity Provider (IdP) and provide us with its credentials.
Wondercraft: Use your credentials to configure the SSO connection on our end and provide you with a unique Callback URL.
You: Add our Callback URL to your IdP configuration to finalize the connection.
Test: We test the connection together to ensure everything works smoothly.

Step 1: Create an OIDC Application in Your Identity Provider

First, you will need to register Wondercraft as a new application within your organization's Identity Provider.

Log in to your Identity Provider's administrative console (e.g., Microsoft Entra ID, Google Workspace, Okta).
Navigate to the section for creating a new Application or App Registration.
Choose to create a Web App that will be used for user sign-in.
During the setup, collect the following three pieces of information. You will need to send these to us in the next step.
- Client ID (This may also be called an Application ID).
- Client Secret (This is a sensitive credential. Please generate a new secret and handle it securely).
- Issuer URL (This is the root URL for your IdP's OIDC configuration, sometimes called a Discovery Document or Metadata URL).
  - For Microsoft Entra ID: https://login.microsoftonline.com/[Your-Tenant-ID]/v2.0
  - For Google Workspace: https://accounts.google.com
  - For Okta: https://[your-okta-domain].okta.com/oauth2/default
If your IdP asks for a Redirect URI or Callback URL during this initial step, you can leave it blank for now. We will provide this exact value to you in Step 3.

Step 2: Send Your Configuration Details to Us

Once you have collected the Client ID, Client Secret, and Issuer URL from Step 1, please send them to our support team.

To: support@wondercraft.ai

Subject: OIDC SSO Setup Request for Wondercraft

For maximum security, we recommend using a one-time secret-sharing service to transmit the Client Secret. Please send the Client ID and Issuer URL directly in the email, and the link to the secret separately.

Step 3: Finalize the Connection in Your Identity Provider

After we receive your IdP details, our team will configure the SSO connection for your account on our platform.

We will then reply to your email with the final piece of information you need: a unique Callback URL (also known as a Redirect URI).

You must add this URL to your application's configuration to complete the setup:

Return to your Identity Provider's admin console and find the OIDC application you created in Step 1.
Locate the section for Redirect URIs or Callback URLs.
Add the exact URL we provided and save your configuration. The connection is now active.

Testing and Go-Live

Once you have completed Step 3, please reply to our email to let us know. We will coordinate with you to test the connection. We recommend having a test user attempt to log in to Wondercraft either from your IdP's application portal or by entering their email on our login page.

Common Troubleshooting

Error: "Redirect URI Mismatch," "Invalid Reply Address," or similar.
- This almost always means the Callback URL you entered in your IdP configuration does not exactly match the one we provided. Please double-check for typos, extra spaces, or http vs. https mismatches.

If you encounter any issues, please do not hesitate to contact our support team. We're here to help.