Single Sign On (SSO)
      Back to home
      1. Knowledgebase
      2. User Management
      3. Single Sign On (SSO)

      Single Sign-On (SSO) using SAML v2.0

      Setting up Single Sign-On (SSO) with your IdP using the Gatekeeper Generic SAML v2.0 Connector

       

      Before proceeding with the configuration of Google SSO, please ensure that you read our SSO Best Practices Guide.

       

      Note: When configuring SSO using our generic SAML v2.0 connector, you will need details from your Identity Provider (IdP) and once configured in Gatekeeper, you will have additional details to add to your IdP. This will likely require support from your IT/Technical team. 

      Please also note:  This feature is available with our Enterprise and Custom Enterprise Plans only. Essentials and Pro Customers have access to Microsoft SSO and Google SSO

       

      What you will need:

      • Please ensure you have at least one user set up in both your Gatekeeper tenant and your Identity Provider (IdP)
      • You will need either your IdP Metadata URL or you can use your IdP Metadata XML

       


      Part 1 - Getting your Gatekeeper tenant ready to Configure & Test

      Step 1) Navigate to Settings > Configuration > Authentication

      Step 2) Change your settings to 🔘 Allow All Authentication Methods

      Step 3) Hit ✅ Save

      ✋ Do not select 🔘 Require SAML 2.0 authentication on yet 🤚

      Without configuring & testing this setting, you may lock yourself out of your Gatekeeper tenant!

      If you have done this and locked your tenant - inform our Support team here

       

       

      Part 2 - Configuring Your IdP/AD App

      Create the custom App for Gatekeeper in your Portal

      Email should be used as NameID in the SAML Token.

      Your Login URL for users can be found under "SSO URL" in Gatekeeper - see Part 3

       

      NB. Gatekeeper has a dedicated oAuth feature for SSO

      This means URLs for our login pages are;

      auth-eu.gatekeeperhq.com when using our European instance

      auth-us.gatekeeperhq.com when using our US instance

      auth-ca.gatekeeperhq.com when using our Canada instance

      auth-apac.gatekeeperhq.com when using our Australia/Asia-Pacific instance

      This "auth-" URL might be what you need to use for your Base-URL when configuring your app

       

       

      Part 3 - Configuring Gatekeeper

      Step 1) While in Settings > Configuration > Authentication, hit Configure SAML 2.0

      Step 2) Enter the variables obtained from your IdP/AD, using either the IdP Metadata URL or XML

      Step 3) Once entered, select ✅ Create

      Screenshot 2019-09-03 at 14.49.17

       

      After hitting Create, Gatekeeper will reload the configuration page and you will be presented with the information that was retrieved from the URL/XML you entered

      This will also provide the necessary Metadata to complete the configuration of your SAML v2.0 SSO integration within your IdP:

       

       

      Part 4 - Test the new SSO Connection

      Step 1) Log out of Gatekeeper

      Step 2) On the login screen, choose LOGIN WITH SSO

      Step 3) Enter your credentials & sign in

       

       

      Part 5 - Restrict access to only allow your SAML SSO option

      When you have successfully tested your SAML SSO configuration works, you can restrict access to only allow this as the login method for your users

      Step 1) Navigate to Settings > Customisations > Authentication

      Step 2) Select 🔘 Require Require SAML 2.0 authentication

      Step 3) Hit ✅ Save