Glyue User Docs
  • What is Glyue?
  • Tutorials
    • Start Here
    • Building a Single-Step Integration
      • 1. Creating the Integration
      • 2. Calling the External System
      • 3. Running the Integration
      • 4. Crafting the Output
    • Building a Multi-System Integration
      • 1. Connecting to the Core
      • 2. Field Mapping
      • 3. Running the Integration
    • Building an Event-Driven Integration
      • 1. Setting up the Mock CRM
      • 2. Receiving Inbound Requests
      • 3. Triggering the Integration from the CRM
    • Building an Email Integration
      • 1. Create and Configure the Integration
      • 2. Input Validation
      • 3. Get Story IDs from Hacker News
      • 4. Get Story Content
      • 5. Sending the Email
      • 6. Wrapping Up
      • 7. Extra credit
        • extra_credit.json
    • Building a RESTful CRUD Web Service
      • 1. Integration Setup
      • 2. Vault Setup
      • 3. Create Web Service Endpoints
      • 4. Execute Web Service Endpoints with Vault Methods
      • 5. Vault Code Examples and Explanation
    • Building a Retrieval API against FIS CodeConnect
      • 1. Integration Setup
      • 2. Service Request Setup
      • 3. Field Mapping Setup
      • 4. Integration and Service Request Hook Setup
      • 5. Testing the Integration
      • 6. Common Errors
    • What is Pre-Mapping?
      • Before you start
      • Bookmarks
      • Source and Targets
      • Field Mapping Status
      • Field Mapping Comments
      • Summary
  • How-To Guides
    • How to Run an Integration from Glyue
    • How to Invite New Users
    • How to Create a Value Mapping Set
    • How to Build and Deploy a Custom Frontend
    • How to Migrate an Integration
    • How to Set Up Single Sign On (SSO)
      • Glyue Setup
      • JumpCloud Setup
      • Azure Setup
      • Okta Setup
      • Glyue SAML Config Reference
    • How to Install the Glyue App for Zoom Contact Center
    • How to use the Vault
  • Reference
    • Integration Builder Page
    • Integration Anatomy
    • Integration Components
      • Integration
      • Service Request
      • Field Mapping
      • Value Mapping Set
      • Value Mapping
      • Validation Rule
      • Mask
      • Integration Config
      • Integration Engine Versions
    • Integration Lifecycle
    • Special Functions
      • add_run_label
      • callint
      • debug
      • end
      • get_namespace
      • humanize
      • import_helper
      • keep
      • list_files
      • map_value
      • open_glyuefile
      • open_vault
      • Data Manipulation Utilities
      • calladapter
    • Special Variables
      • __adapter_config__
      • input
      • parentint
      • retvalue
      • run_history_id
      • Iterables
        • fitem/fidx
        • sritem/sridx
        • vritem/vridx/vrmsg
    • Adapters
      • Generic HTTP Adapter
      • Email SMTP Adapter
    • Web Service Endpoints
    • Vault Reference
  • Glyue Platform Reference
    • Banking Core Connectivity Guide
    • Authentication
    • Permissions
      • Service Accounts
      • Organizations
    • Frontends
    • Idempotency Layer
    • Integration Scheduler
    • Governance Reports
    • Arbitrary Integration Request Content Support
    • Admin Components
    • Logging
  • ETL
    • Glyue ETL Overview
    • Data Connectors
    • Workflows
    • Run History
    • Scheduler
Powered by GitBook
On this page
  • Create a SAML Config
  • General IdP Setup
  • IdP-specific setup instructions
  • Add the IdP to Glyue as a trusted authenticator
  • Testing connectivity

Was this helpful?

  1. How-To Guides
  2. How to Set Up Single Sign On (SSO)

Glyue Setup

This article aims to guide the user through how to set up SAML SSO in Glyue.

PreviousHow to Set Up Single Sign On (SSO)NextJumpCloud Setup

Last updated 1 year ago

Was this helpful?

Before continuing, this user should be a Glyue administrator for the target environment.

Create a SAML Config

Log into Glyue and navigate to the Admin site.

Scroll to the SAML SINGLE SIGN ON section, locate SAML Configs and click Add.

On the web form that displays, scroll to the bottom (without changing any values) and click SAVE.

Default SAML settings are considered secure and should suffice for most use cases. If SSO customization is desired, please see this article:

Note that on the resulting page, there is now a URL and a download link for Glyue’s SAML metadata:

Provide the URL or metadata file to the IdP admin, who now must add Glyue on their end as an external SSO application (aka Service Provider) and supply their IdP SAML metadata.

General IdP Setup

  1. Create a new Service Provider (aka SSO Application, External Application, SSO Integration, SAML Application, etc. or something similar).

  2. Upload the Glyue metadata. Some IdPs won't support uploading a file, and will prefer a URL or even for the data to be copied and pasted.

Glyue always serves its metadata at /sso/saml2/metadata/.

Also, Glyue's metadata can be downloaded from the SAML Configs page on the Admin site. The page will also display the full URL.

  1. Configure as necessary, add users, map user attributes, etc.

By default, a user's email address is used to identify the correct user for login in Glyue. The attribute (aka field) on the Glyue User object is simply email, which may differ from the IdP's User object (which might beemailAddress, email_addr, or something similar).

In this case, the IdP user email address attribute name needs to be mapped to Glyue's. Glyue supports user attribute mapping on its end, and most IdPs do as well.

See Glyue SAML Config Reference for more information.

  1. Save/activate/enable the new SSO application.

  2. There should now be SAML metadata available which should be provided back to the Glyue admin.

IdP-specific setup instructions

Add the IdP to Glyue as a trusted authenticator

Before continuing, Glyue should be configured and active in the IdP, and the IdP's SAML metadata should be available.

On the Admin site, under SAML SINGLE SIGN ON, locate SAML Identity Providers and click +Add.

Provide a name, optionally a logo image, and the metadata.

Click SAVE. Glyue should now allow users to log in via this provider.

Testing connectivity

Log out of Glyue and go to the main page. The login dialog should have a new section, Single Sign On, and the added IdP’s name should appear on a button.

Clicking the button should redirect the user to the IdP login page. After successful authentication, the user should be redirected back to Glyue, bypassing the login screen and going right to the requested page.

If the user encounters a 403 Access Denied error after authenticating, this means Glyue was unable to locate a user based on the information provided by the IdP. This is most likely due to one of the following issues:

  1. The user in Glyue is not active or doesn't exist.

  2. The user’s email address in Glyue does not match exactly to the email address at the IdP.

  3. The IdP has not been properly configured to include the user email address in the information it submits to Glyue for SSO.

  4. The name of the email address user attribute is different between Glyue and the IdP. This can be solved by adding an attribute mapping on the SAML Config page. Some IdPs also have this optionality on their end. See Glyue SAML Config Reference

Glyue SAML Config Reference
JumpCloud Setup
Okta Setup
Azure Setup