- 22 Jul 2022
- 4 Minutes To Read
Single Sign-On Setup
- Updated On 22 Jul 2022
- 4 Minutes To Read
Gladly supports standard Secure Assertion Markup Language (SAML) 2.0 integration with any enterprise Identity Provider to provide Gladly single sign-on (SSO) access. We have internally tested against the following enterprise Identity Providers:
- Azure Active Directory
- Active Directory Federation Services (ADFS)
Once activated, your users are redirected to the Identity Provider of your choice to complete their login process. Once logged in, they'll be able to access Gladly (along with all the other services and applications under the umbrella of your Identity Provider) without the need to enter separate login credentials.
SSO is a faster and more efficient way for users to log into the various systems and applications they need for their day-to-day, making for a more secure and efficient way to manage user access to those systems. Once a user is authenticated against your system, you can grant them access to as many resources within (or outside) your firewall. It also streamlines the deactivation of accounts configured as SSO. To add, SSO allows you to implement 2FA, MFA, Two-Factor Authorization, and other security layers for a more secure system.
Set up SSO for Gladly
The use of SSO for Gladly requires several configuration changes in both Gladly and your Identity Provider. More specifically, we'll need the metadata XML file that describes how your Identity Provider is set up. This contains information that allows Gladly to verify that SSO responses are coming from your Identity Provider.
Before you start
Before you set up SSO, be aware of the steps below.
- Activate SSO in Gladly by toggling the Use SSO option in the Activate Single Sign-On setting page.
- Add/upload all of your users to Gladly once you configure Gladly with your SSO provider.
Success! SAML SSO is now configured. You can begin adding users to Gladly so they receive an invitation to access Gladly.
- Go to Applications (Apps).
- Click Add App.
- From the Find Applications page, search for OneLogin's SAML Custom Connector to add it.
- Set the display name to Gladly.
- Click Save.
- Click on Configuration and set up the following:
- SAML Consumer URL – Gladly ACS URL
- SAML Audience – Gladly Metadata URL
- SAML Recipient – Gladly ACS URL
- Click More Actions, then SAML Metadata.
- Download the metadata XML file, copy its contents and configure it as the metadata XML in Gladly SSO settings.
- Go to Users in OneLogin.
- Add the appropriate users that need SSO access to Gladly.
- Make sure each NameID for each user matches the Agent's email address in Gladly.
G Suite / Google Workspace
- From the Google Admin Console page, click on Apps > Web & Mobile Apps.
- Click Add App > Add custom SAML app.
- Name the app "Gladly" and click Next.
- Download the IDP metadata file.
- Log into Gladly, click the Menu icon on the top left corner, and click More Settings > Single Sign-On.
- Toggle Use SSO(so it's green) to activate SSO.
- Click Paste metadata, then paste in the metadata you downloaded from G Suite into the metadata field. Click Save.
- Go back to Google Admin Console and click Continue.
- Set the ACS URL which can be found on the Single Sign-On settings page.
- Set Entity ID/Metadata URL which can be found on the Single Sign-On settings page.
- Keep clicking Continue; all other settings should be left to the default setting.
- When you are done, follow Turn on your SAML App directions to grant the users access to SSO. Then, make sure to add users to Gladly so they receive an invitation to access Gladly via SSO.
If you get a 403 app_not_enabled_for_user, error this means the user account doesn't have permission in Google Workspace, even if it has been granted in Gladly. Do the following to fix this error.
- From the Google Workspace Admin console homepage, go to Apps > Web > Mobile Apps.
- Find Gladly in the app list and click it to open the Settings page.
- Click User access.
- Turn the app On for everyone in the organization that needs access to Gladly.