Setting up Single Sign-On (SSO) with your IdP using the Gatekeeper Generic SAML v2.0 Connector
Before proceeding with the configuration of Google SSO, please ensure that you read our SSO Best Practices Guide.
Note: When configuring SSO using our generic SAML v2.0 connector, you will need details from your Identity Provider (IdP) and once configured in Gatekeeper, you will have additional details to add to your IdP. This will likely require support from your IT/Technical team.
Please also note: This feature is available with our Enterprise and Custom Enterprise Plans only. Essentials and Pro Customers have access to Microsoft SSO and Google SSO.
What you will need:
- Please ensure you have at least one user set up in both your Gatekeeper tenant and your Identity Provider (IdP)
- You will need either your IdP Metadata URL or you can use your IdP Metadata XML
Part 1 - Getting your Gatekeeper tenant ready to Configure & Test
Step 1) Navigate to Settings > Configuration > Authentication
Step 2) Change your settings to 🔘 Allow All Authentication Methods
Step 3) Hit ✅ Save
✋ Do not select 🔘 Require SAML 2.0 authentication on yet 🤚
Without configuring & testing this setting, you may lock yourself out of your Gatekeeper tenant!
If you have done this and locked your tenant - inform our Support team here
Caution!
Each user's login details are case-sensitive on both email and password.
When troubleshooting login issues, verifying the case sensitivity of both the email address and password is essential.
Part 2 - Configuring Your IdP/AD App
Create the custom App for Gatekeeper in your Portal
Email should be used as NameID in the SAML Token.
Your Login URL for users can be found under "SSO URL" in Gatekeeper - see Part 3
NB. Gatekeeper has a dedicated oAuth feature for SSO
This means URLs for our login pages are;
auth-eu.gatekeeperhq.com when using our European instance
auth-us.gatekeeperhq.com when using our US instance
auth-ca.gatekeeperhq.com when using our Canada instance
auth-apac.gatekeeperhq.com when using our Australia/Asia-Pacific instance
This "auth-" URL might be what you need to use for your Base-URL when configuring your app
Part 3 - Configuring Gatekeeper
Step 1) While in Settings > Configuration > Authentication, hit Configure SAML 2.0
Step 2) Enter the variables obtained from your IdP/AD, using either the IdP Metadata URL or XML
Step 3) Once entered, select ✅ Create
After hitting Create, Gatekeeper will reload the configuration page and you will be presented with the information that was retrieved from the URL/XML you entered
This will also provide the necessary Metadata to complete the configuration of your SAML v2.0 SSO integration within your IdP:
Part 4 - Test the new SSO Connection
Step 1) Log out of Gatekeeper
Step 2) On the login screen, choose LOGIN WITH SSO
Step 3) Enter your credentials & sign in
Part 5 - Restrict access to only allow your SAML SSO option
When you have successfully tested your SAML SSO configuration works, you can restrict access to only allow this as the login method for your users
Step 1) Navigate to Settings > Customisations > Authentication
Step 2) Select 🔘 Require Require SAML 2.0 authentication
Step 3) Hit ✅ Save