Single Sign-On Setup

SSO is a faster and more efficient way for users to log into the various systems and applications they need daily, and it makes managing user access to those systems more secure and efficient. Once a user is authenticated against your system, you can grant them access to as many resources within (or outside) your firewall as they need. SSO also streamlines the deactivation of accounts configured as SSO. In addition, SSO allows you to implement two-factor authentication (2FA), multi-factor authentication (MFA), and other security layers for a more secure system.

Gladly supports standard Security Assertion Markup Language (SAML) 2.0 integration with any enterprise Identity Provider to provide Gladly single sign-on (SSO) access. We have internally tested against the following enterprise Identity Providers:

  • Azure Active Directory

  • Active Directory Federation Services (ADFS)

  • Google

Once activated, your users are redirected to the Identity Provider of your choice to complete their login process. Once logged in, they can access Gladly (along with all the other services and applications under your Identity Provider) without entering separate login credentials.

Set up SSO for Gladly

The use of SSO for Gladly requires several configuration changes in both Gladly and your Identity Provider. More specifically, we'll need the metadata XML file that describes how your Identity Provider is set up. This contains information that allows Gladly to verify that SSO responses are coming from your Identity Provider.

Before you start

Review the following tips before proceeding to set up SSO:

  • Activate SSO in Gladly by toggling the Use SSO option in the Activate Single Sign-On setting page.

  • Add/upload all of your users to Gladly once you configure Gladly with your SSO provider.  

    • Note – Only upload users to Gladly once SSO is activated.

  • Users you need to add in the future must be added to Gladly first, then given SSO access via your provider.

Azure

  1. In your Azure Dashboard, click on Azure Active Directory.

  2. Select Enterprise applications.

  3. From the panel, select Non-gallery application.

  4. In the next panel, give your application a name, then click Add. For this example, we'll be naming our application 'Gladly.'

  5. On the next screen, fill in the fields as follows:

    • Single Sign-on Mode – Select SAML-based Sign-on from the dropdown list.

    • Identifier (Entity ID) – This can be found on the Single Sign-On settings page.

    • Reply URL (Assertion Consumer Service URL - ACS) – This can be found on the Single Sign-On settings page.

    • User Identifier – Select user.email from the dropdown list.

  6. Click Save.

  7. Scroll down to the SAML Signing Certificate section and copy the URL in the App Federation Metadata URL field.

  8. Log into Gladly, click on the top left corner of the screen, click Settings, then Single Sign-On.

    • Toggle Use SSO (toggle is green) to activate SSO.

    • See Activate Single Sign-On for more information on how to save the Metadata URL.

  9. Paste the Metadata URL in the Fetch metadata from URL field, then click Save. This generates the Metadata XML. Return to the SSO configuration page for your Gladly application. From the Azure Active Directory console, go to Azure Active Directory > Enterprise applications > Gladly application > Single sign-on. Click Upload metadata file from this page.

  10. Click on Upload metadata file.

  11. Click Upload and select the metadata from the Activate Single Sign-On settings page in Gladly.

  12. Click Save.

Success! SAML SSO is now configured. You can begin adding users to Gladly so they receive an invitation to access Gladly.

OneLogin

  1. Go to Applications (Apps).

  2. Click Add App.

  3. From the Find Applications page, search for OneLogin's SAML Custom Connector to add it.

  4. Set the display name to Gladly.

  5. Click Save.

  6. Click on Configuration and set up the following:

    • SAML Consumer URL – Gladly ACS URL

    • SAML Audience – Gladly Metadata URL

    • SAML Recipient – Gladly ACS URL

  7. Click More Actions, then SAML Metadata.

  8. Download the metadata XML file, copy its contents, and configure it as the metadata XML in Gladly SSO settings.

  9. Go to Users in OneLogin.

  10. Add the appropriate users who need SSO access to Gladly.

  11. Ensure each NameID for each user matches the Agent's email address in Gladly.

G Suite / Google Workspace

  1. From the Google Admin Console page, go to Apps > Web & Mobile Apps.

  2. Click Add App > Add custom SAML app.

  3. Name the app "Gladly" and click Next.

  4. Download the IDP metadata file.

  5. Log into Gladly, click on the top left corner of the screen, click Settings, then Single Sign-On.

  6. Toggle Use SSO (toggle is green) to activate SSO.

    • Click Paste metadata, then paste the metadata you downloaded from G Suite into the metadata field. Click Save.

  7. Go back to Google Admin Console and click Continue.

  8. Set the ACS URL, which can be found on the Single Sign-On settings page.

  9. Set Entity ID/Metadata URL, which can be found on the Single Sign-On settings page.

  10. Keep clicking Continue; all other settings should be left to the default setting.

  11. When you are done, follow Turn on your SAML App directions to grant the users access to SSO. Then, make sure to add users to Gladly so they receive an invitation to access Gladly via SSO.

If you get a 403 app_not_enabled_for_user error, this means the user account doesn't have permission in Google Workspace, even if it has been granted in Gladly. Do the following to fix this error:

  1. From the Google Workspace Admin console homepage, go to Apps > Web & Mobile Apps.

  2. Find Gladly in the app list and click it to open the Settings page.

  3. Click User access.

  4. Turn the app On for everyone in the organization who needs access to Gladly.

Okta

  1. Log in to your Okta Admin account.

  2. Go to Applications > Applications > Create App Integration.

  3. Select SAML 2.0.

  4. Click Next.

  5. Enter "Gladly" as the name.

  6. Click Next.

  7. Under the Configure SAML tab > Section A: SAML Settings, set the following:

    • Single Sign-on URL – Gladly Hero > Settings > Single Sign-On > Toggle on Use SSO > Gladly ACS URL

    • Audience URI (SP Entity ID) – Gladly Hero > Settings > Single Sign-On > Toggle on Use SSO > Gladly Metadata URL

    • Default RelayState – Keep it Blank

    • Name ID format – Select EmailAddress

    • Application username – Select Email

  8. Click Next/Finish.

    • Note – If the next step asks, "Are you a customer or partner?", select "I'm an Okta customer, adding an internal app."

  9. Click Finish.

  10. In the Gladly app in Okta, go to the Assignments tab and add the users that will need to access Gladly via Okta.

  11. Click on the Sign On tab and click Copy to copy the Metadata URL.

  12. Go to Gladly Hero > Settings > Single Sign-On.

  13. From the Single Sign-On page, click the Allow SSO toggle.

  14. Paste the Metadata URL from step 11 in the Fetch metadata from URL (upon Save) field.

  15. Click Save.

  16. Go to Gladly Hero > Settings > Users. Add the same users from Step 10 to Gladly. Since SSO has been activated, they do not need to activate their Gladly account through the email invitation they receive.