Single Sign-On (SSO) using SAML v2.0

Setting up Single Sign-On (SSO) with your IdP using the Gatekeeper Generic SAML v2.0 Connector

 

Before proceeding with the configuration of Google SSO, please ensure that you read our SSO Best Practices Guide.

 

Note: When configuring SSO using our generic SAML v2.0 connector, you will need details from your Identity Provider (IdP) and once configured in Gatekeeper, you will have additional details to add to your IdP. This will likely require support from your IT/Technical team. 

Please also note: This feature is available with our Enterprise and Custom Enterprise Plans only. Essentials and Pro Customers have access to Microsoft SSO and Google SSO.

 

What you will need:

  • Please ensure you have at least one user set up in both your Gatekeeper tenant and your Identity Provider (IdP)
  • You will need either your IdP Metadata URL or you can use your IdP Metadata XML

 


Part 1 - Getting your Gatekeeper tenant ready to Configure & Test

Step 1) Navigate to Settings > Configuration > Authentication

Step 2) Change your settings to 🔘 Allow All Authentication Methods

Step 3) Hit ✅ Save

✋ Do not select 🔘 Require SAML 2.0 authentication yet 🤚

Without configuring & testing this setting, you may lock yourself out of your Gatekeeper tenant!

If you have done this and locked your tenant - inform our Support team here

Caution!

Each user's login details are case-sensitive on both email and password

 

When troubleshooting login issues, verifying the case sensitivity of both the email address and password is essential.

 

 

Part 2 - Configuring Your IdP/AD App

Create the custom App for Gatekeeper in your Portal

Email should be used as NameID in the SAML Token.

Your Login URL for users can be found under "SSO URL" in Gatekeeper - see Part 3

 

NB. Gatekeeper has a dedicated OAuth feature for SSO

This means the URLs for our login pages are:

auth-eu.gatekeeperhq.com when using our European instance

auth-us.gatekeeperhq.com when using our US instance

auth-ca.gatekeeperhq.com when using our Canada instance

auth-apac.gatekeeperhq.com when using our Australia/Asia-Pacific instance

This "auth-" URL might be what you need to use for your Base-URL when configuring your app

 

 

Part 3 - Configuring Gatekeeper

Step 1) While in Settings > Configuration > Authentication, hit Configure SAML 2.0

Step 2) Enter the variables obtained from your IdP/AD, using either the IdP Metadata URL or XML

Step 3) Once entered, select ✅ Create


 

After hitting Create, Gatekeeper will reload the configuration page and you will be presented with the information that was retrieved from the URL/XML you entered

This will also provide the necessary Metadata to complete the configuration of your SAML v2.0 SSO integration within your IdP:

 

 

Part 4 - Test the new SSO Connection

Step 1) Log out of Gatekeeper

Step 2) On the login screen, choose LOGIN WITH SSO

Step 3) Enter your credentials & sign in

 

 

Part 5 - Restrict access to only allow your SAML SSO option

Once you have tested that your SAML SSO configuration works, you can restrict access so that this is the only login method for your users

Step 1) Navigate to Settings > Customisations > Authentication

Step 2) Select 🔘 Require SAML 2.0 authentication

Step 3) Hit ✅ Save