How to Set Up Single Sign On (SSO)
Single Sign On (SSO) is an in-demand feature for most contemporary web applications, as it allows the business or organization to control user access centrally. Users also do not need to worry about forgetting passwords, as they only need their SSO login details to access any of their connected applications.
In a SAML SSO configuration, Glyue acts as the Service Provider (SP) and a trusted identity/access platform (such as JumpCloud, Azure AD, or Okta) acts as the Identity Provider (IdP). Glyue SSO is designed to be IdP-agnostic and work with any provider.
The usual user authentication flow goes like this:
1. User clicks SSO option on the SP login screen. SP redirects the user to the IdP along with a SAML request.
2. User authenticates at the IdP. IdP redirects user back to the SP along with a signed SAML response, which contains information on the user it just authenticated.
3. SP verifies the signature, reads the response, identifies the correct user in its system, and logs them in.
Before any of that can happen, though, the service and identity providers must establish a trusted relationship. The usual flow for that goes like this:
1. A Glyue administrator configures and activates SAML SSO and then provides a metadata file to the other organization.
2. An IdP administrator at the organization adds Glyue as an SP, uploads the metadata, and configures as necessary. They provide another metadata file back to the Glyue admin.
3. The Glyue admin adds the IdP and uploads its metadata.
Once done, the IdP should appear on the Glyue login screen as an option for users.
No. By default users are auto-created if coming from an installed IdP.
This feature can be toggled off on request.
The Identity Provider record on the Admin site can be set to automatically add users to an organization and/or mark them as staff. If the Default Staff Group or Default Non-Staff Group is set on the Global Config, new users are added to those groups as appropriate, depending on staff status.
This way, user onboarding can be completely automated, so new users are added to your Organization (if using Organizations) as well as added to a Group with permissions to certain integrations.
Not at this time, but if you want this feature added to Glyue please let us know!
Yes. New users can be restricted to SSO by unchecking "Allow Password Login" on the invite page. If the user already exists, go to Admin > Accounts, select the account, and uncheck "Allow password auth" and save.
No. For a deeper explanation as to the differences between SAML and OIDC, see from , a respected cloud-based authentication provider and IT asset management platform.