Manage SSO Integration

This article gives an overview of the Single Sign On options in Gatekeeper and how to enable them.



Introduction

Single Sign-On (SSO) is an authentication method that allows users to log in once and gain access to multiple applications without needing to re-enter credentials. Integrating your SSO service with Gatekeeper enables users to log in using their existing credentials from your identity provider.

Gatekeeper supports the following Single Sign On services:

  • Google SSO
  • Microsoft SSO
  • OneLogin SSO
  • Okta SSO

If your specific Single Sign On service is not listed, you may be able to set up a custom SAML 2.0 connector.

User Access by Type

If you have enabled SSO, Employee Portal users can be created via Just-In-Time provisioning.
All Internal Users must be added to Gatekeeper before they can log in with an SSO service. See Managing Users for further details on creating user accounts in Gatekeeper.

Vendor Portal user access will always remain via Username and Password, even when SSO authentication is set.

Enable SSO

To enable SSO on your Gatekeeper tenant:

  1. From the navigation menu, expand Settings then click Configuration.
  2. Click Authentication.
  3. Select the appropriate radio button.
    1. On some authentication types, you can enable the Support Access toggle to allow tenant users with the @gatekeeperhq.com domain to bypass your SSO authentication requirements, so that they can assist with any support enquiries related to your tenant. It is strongly recommended to enable this. 
  4. Once finished, click Save.

Note: Users require the Administrator role and the Configuration additional permission to perform these steps.

Authentication Options

The following authentication methods are available to select:

Option | Description
Standard Authentication | Sign in using Username/Password, Google Single Sign On (SSO), or Microsoft Single Sign On (SSO).
Allow all Authentication methods | Sign in using Username/Password, Google Single Sign On (SSO), Microsoft Single Sign On (SSO), OneLogin, or Okta.
Require Google Single Sign On (SSO) | Sign in using your Google domain only. This can lock teammates out of Gatekeeper if they don't use Google.
Require OneLogin Single Sign On (SSO) | Sign in using your OneLogin account only. This can lock teammates out of Gatekeeper if they don't have a OneLogin account.
Require Okta Single Sign On (SSO) | Sign in using your Okta account only. This can lock teammates out of Gatekeeper if they don't have an Okta account.
Require Microsoft Single Sign On (SSO) | Sign in using your Microsoft domain only. This can lock teammates out of Gatekeeper if they don't use Microsoft.
Require SAML 2.0 authentication | Sign in using the configured SAML accounts only. This can lock teammates out of Gatekeeper if they don't have a SAML account.

See the following articles for further information on how to configure each SSO service for Gatekeeper:

Note: 

  • Before restricting your Gatekeeper tenant to only allow one login type, it is strongly recommended that you test this SSO method. You can do this by selecting Allow all Authentication methods, then logging out and attempting to log in again via your SSO method of choice. Verify successful authentication through the logins audit trail before making the change. If you accidentally lock yourself out, the setting can be reversed, but this may cause an extended period of inaccessibility for users while the product team restores the SSO configuration.

  • If you restrict your Gatekeeper tenant to only allow one login type, the other options will remain on the login screen, but users will not be able to use them. Ensure that all users are aware of the correct login method to avoid access issues.

  • Okta, OneLogin and custom SAML 2.0 authentication require configuration on both the Gatekeeper side and the SSO application side.