Managing SSO Integration

For seamless and secure authentication, you can integrate your Single Sign On service with Gatekeeper. The following Knowledge Base article will walk you through enabling and configuring Single Sign On.

Gatekeeper supports the following Single Sign On services:

  • Google SSO
  • Microsoft SSO
  • OneLogin SSO
  • Okta SSO

If your specific Single Sign On service is not listed, you may be able to set up a custom SAML 2.0 connector

User Access by Type

If you have enabled SSO, Employee Portal users may now be created via Just-In-Time provisioning
All Internal Users must be added to Gatekeeper before they can login with a SSO service. Please click here for further detail on User Management within Gatekeeper.

Supplier Portal user access will always remain via Username & Password, even when SSO authentication is set.

How to Enable SSO

  1. Login to Gatekeeper as an Administrator user with the "Configuration" additional permission.
  2. Click to expand the Settings in the left-hand navigation menu and then click Configuration.

Gatekeeper 2020-01-16 15-21-05

3.    Navigate to the Authentication config page

---------------------------------------------------------------------------------------------------------------------------

STRONG SUGGESTION

The next configuration step indicates that you can restrict your Gatekeeper tenant to only allow one login type. Before you do this, it is imperative* that you actually test this SSO method will actually work!

You can do this by temporarily setting your tenant to "Allow all Authentication methods", then logging out & attempting to login again via your SSO method of choice.

Only once this work successfully (and you double check that Gatekeeper reflects this in your logins audit trail)

*this choice can be reversed if you accidentally lock yourself out of Gatekeeper, but it could result in an extended period of inaccessibility (and frustration) for your users while our product team reverts your SSO config setting!

 

---------------------------------------------------------------------------------------------------------------------------

4.  Select your Single Sign On service from the following options:

  • Standard Authentication: Username/Password & Google Single Sign On (SSO) & Microsoft Single Sign On (SSO)
  • Allow all Authentication methods: Username/Password, Google Single Sign On (SSO), Microsoft Single Sign On (SSO), OneLogin & Okta
  • Require Google Single Sign On (SSO): Sign in using your Google domain only. This can lock teammates out of Gatekeeper if they don't use Google
  • Require OneLogin Single Sign On (SSO): Sign in using your OneLogin account only. This can lock teammates out of Gatekeeper if they don't have a OneLogin account
  • Require Okta Single Sign On (SSO): Sign in using your Okta account only. This can lock teammates out of Gatekeeper if they don't have an Okta account
  • Require Microsoft Single Sign On (SSO): Sign in using your Microsoft domain only. This can lock teammates out of Gatekeeper if they don't use Microsoft
  • Require SAML 2.0 authentication: Sign in using the configured SAML accounts only. This can lock teammates out of Gatekeeper if they don't have a SAML account

Note: Okta, OneLogin and a custom SAML 2.0 Authentication require configuration from both the Gatekeeper and SSO application end. Please see below for further detail.

Configuring your SSO service
Please click the following links for further information on how to configure the following SSO services for Gatekeeper:

   5. Click Save