---
title: "Single Sign-On Setup"
slug: "single-sign-on-setup"
description: "Enhance security and productivity with SSO integration for Gladly. Simplify login processes and grant users easy access to resources."
updated: 2025-03-05T15:14:52Z
published: 2025-03-05T15:14:52Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.gladly.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Single Sign-On Setup

SSO is a faster and more efficient way for users to log into the various systems and applications they need daily, making managing user access to those systems more secure and efficient. Once a user is authenticated against your system, you can grant them access to as many resources within (or outside) your firewall as they need. SSO also streamlines the deactivation of accounts configured as SSO. In addition, SSO allows you to implement 2FA, MFA, Two-Factor Authorization, and other security layers for a more secure system.

Gladly supports standard **Secure Assertion Markup Language (SAML) 2.0** integration with any enterprise Identity Provider to provide Gladly single sign-on (SSO) access. We have internally tested against the following enterprise Identity Providers:

- Azure Active Directory
- Active Directory Federation Services (ADFS)
- Google

Once activated, your users are redirected to the Identity Provider of your choice to complete their login process. Once logged in, they can access Gladly (along with all the other services and applications under your Identity Provider) without entering separate login credentials.

## Set up SSO for Gladly

The use of SSO for Gladly requires several configuration changes in both Gladly and your Identity Provider. More specifically, we'll need the **metadata XML file** that describes how your Identity Provider is set up. This contains information that allows Gladly to verify that SSO responses are coming from your Identity Provider.

### Before you start

Review the following tips before proceeding to set up SSO:

- Activate SSO in Gladly by toggling the **Use SSO** option in the [Activate Single Sign-On](https://help.gladly.com/docs/activate-and-manage-single-sign-on) setting page.
- [Add/upload](https://help.gladly.com/docs/managing-users-and-roles) all of your users to Gladly once you configure Gladly with your SSO provider.
  - **Note –** Only upload users to Gladly once SSO is activated.
- Users you need to add in the future must be added to Gladly first, then given SSO access via your provider.

### Azure

1. In your Azure Dashboard, click on **Azure Active Directory** ![Menu displaying Azure services including Azure Active Directory and Monitor options.](https://cdn.us.document360.io/7047b671-c4f2-4df0-bb0a-b9b511fd2452/Images/Documentation/Azure_image63.webp)
2. Select **Enterprise applications**.

![Menu options include organizational relationships, roles, enterprise applications, and app registrations.](https://cdn.us.document360.io/7047b671-c4f2-4df0-bb0a-b9b511fd2452/Images/Documentation/enterpriseapps.webp)
3. From the panel, select **Non-gallery application**.

![Options to add applications in Azure AD, including custom and non-gallery apps.](https://cdn.us.document360.io/7047b671-c4f2-4df0-bb0a-b9b511fd2452/Images/Documentation/add_app.webp)
4. In the next panel, give your application a name, then click **Add**. For this example, we'll be naming our application 'Gladly.'

![Input field for application name with instructions for adding a new application.](https://cdn.us.document360.io/7047b671-c4f2-4df0-bb0a-b9b511fd2452/Images/Documentation/add-own-app.webp)
5. On the next screen, fill in the following fields as follows:

![Configuration settings for SAML-based single sign-on with Gladly and Azure AD.](https://cdn.us.document360.io/7047b671-c4f2-4df0-bb0a-b9b511fd2452/Images/Documentation/saml-based.webp)
  - **Single Sign-on Mode**–****Select **SAML-based Sign-on** from the dropdown list.
  - **Identifier (Entity ID) –** This can be found on the [Single Sign-On settings](https://help.gladly.com/docs/activate-and-manage-single-sign-on#reference-metadata-and-acs-url) page.
  - **Reply URL (Assertion Consumer Service URL - ACS) –** This can be found on the [Single Sign-On settings](https://help.gladly.com/docs/activate-and-manage-single-sign-on#reference-metadata-and-acs-url) page.
  - **User Identifier –** Select **user.email** from the dropdown list.
6. Click **Save.**
7. Scroll down to the **SAML Signing Certificate** section and copy the URL in the **App Federation Metadata URL** field.

![SAML Signing Certificate management interface with status, expiration, and download options displayed.](https://cdn.us.document360.io/7047b671-c4f2-4df0-bb0a-b9b511fd2452/Images/Documentation/metadataurl.webp)
8. Log into Gladly, click ![](https://cdn.us.document360.io/7047b671-c4f2-4df0-bb0a-b9b511fd2452/Images/Documentation/hamburger-menu-icon(2).svg) on the top left corner of the screen, click **Settings**, then **Single Sign-On**.
  - Toggle **Use SSO** (toggle is green) to activate SSO.
  - See [Activate Single Sign-On](https://help.gladly.com/docs/activate-and-manage-single-sign-on) for more information on how to save the Metadata URL.
9. Paste the Metadata URL in the **Fetch metadata from URL**field, then click **Save**. This generates the Metadata XML. Return to the SSO configuration page for your Gladly application. From the Azure Active Directory console, go to **Azure Active Directory > Enterprise applications > Gladly application > Single sign-on**. Click **Upload metadata file** from this page.
10. Click on **Upload metadata file**.
11. Click **Upload**and select the metadata from the [Activate Single Sign-On](https://help.gladly.com/docs/activate-and-manage-single-sign-on) settings page in Gladly.

![Upload a SAML metadata configuration file for Gladly integration.](https://cdn.us.document360.io/7047b671-c4f2-4df0-bb0a-b9b511fd2452/Images/Documentation/config-file.webp)
12. Click **Save**.

Success! SAML SSO is now configured. You can begin [adding users to Gladly](https://help.gladly.com/docs/managing-users-and-roles) so they receive an invitation to access Gladly.

### OneLogin

1. Go to **Applications** (Apps).
2. Click **Add App.**
3. From the Find Applications page, search for OneLogin's*SAML Custom Connector* to add it.
4. Set the display name to *Gladly*.
5. Click **Save**.
6. Click on Configuration and set up the following:
  - **SAML Consumer URL –** Gladly ACS URL
  - **SAML Audience –** Gladly Metadata URL
  - **SAML Recipient –** Gladly ACS URL
7. Click **More Actions**, then**SAML Metadata**.
8. Download the metadata XML file, copy its contents, and configure it as the metadata XML in [Gladly SSO settings](https://help.gladly.com/docs/activate-and-manage-single-sign-on).
9. Go to **Users** in OneLogin.
10. Add the appropriate users who need SSO access to Gladly.
11. Ensure each **NameID** for each user matches the Agent's email address in Gladly.

### **G Suite / Google Workspace**

1. From the Google Admin Console page, go to **Apps > Web & Mobile Apps**.
2. Click **Add App > Add custom SAML app**.
3. Name the app "Gladly" and click **Next**.
4. Download the IDP metadata file.
5. Log into Gladly, click ![](https://cdn.us.document360.io/7047b671-c4f2-4df0-bb0a-b9b511fd2452/Images/Documentation/hamburger-menu-icon(2).svg) on the top left corner of the screen, click **Settings**, then **Single Sign-On**.
6. Toggle **Use SSO** (toggle is green) to activate SSO.
  - Click **Paste metadata,** then paste the metadata you downloaded from G Suite into the **metadata** field. Click **Save**.
7. Go back to Google Admin Console and click **Continue**.
8. Set the **ACS URL,** which can be found on the Single Sign-On settings page.
9. Set **Entity ID/Metadata URL,** which can be found on the [Single Sign-On settings](https://help.gladly.com/docs/activate-and-manage-single-sign-on#reference-metadata-and-acs-url) page.
10. Keep clicking **Continue**; all other settings should be left to the default setting.
11. When you are done, follow [Turn on your SAML App](https://support.google.com/a/answer/6087519?hl=en) directions to grant the users access to SSO. Then, make sure to [add users to Gladly](https://help.gladly.com/docs/managing-users-and-roles) so they receive an invitation to access Gladly via SSO.

If you get a *403 app_not_enabled_for_user,* error this means the user account doesn't have permission in Google Workspace, even if it has been granted in Gladly. Do the following to fix this error.

1. From the Google Workspace Admin console homepage, go to **Apps** > **Web** > **Mobile Apps**.
2. Find Gladly in the app list and click it to open the Settings page.
3. Click **User access**.
4. Turn the app **On** for everyone in the organization who needs access to Gladly.

### Okta

1. Log in to your Okta Admin account.
2. Go to **Applications > Applications > Create App Integration**.
3. Select SAML 2.0
4. Click **Next**.
5. Enter "Gladly" as the name.
6. Click **Next**.
7. Under the Configure SAML tab > Section A: SAML Settings
  - **Single Sign-on URL –** Gladly Hero > Settings > Single Sign-On > Toggle on Use SSO > Gladly ACS URL
  - **Audience URI (SP Entity ID) –**Gladly Hero > Settings > Single Sign-On > Toggle on Use SSO > Gladly Metadata URL
  - **Default RelayState –**Keep it Blank
  - **Name ID format –**Select EmailAddress
  - **Application username –**Select Email
8. Click **Next/Finish.**
  - **Note –** If the next step asks, "Are you a customer or partner?" Select **I'm an Okta customer, adding an internal app**.
9. Click **Finish**.
10. In the Gladly app in Okta, go to the **Assignments** tab and add the users that will need to access Gladly via Okta.
11. Click on the Sign On tab and click **Copy**to copy the Metadata URL.
12. Go to [**Gladly Hero > Settings > Single Sign-On**](https://help.gladly.com/docs/activate-and-manage-single-sign-on/#use-sso-for-gladly).
13. From the Single Sign-On page, click the **Allow SSO** toggle.
14. Paste the Metadata URL from step 11 in the **Fetch metadata from URL (upon Save)** field.
15. Click **Save**.
16. Go to **Gladly Hero > Settings > Users**. [Add the same users](https://help.gladly.com/docs/managing-users-and-roles) from Step 10 to Gladly. Since SSO has been activated, they do not need to activate their Gladly account through the email invitation they receive.

Single Sign-On (SSO) allows users to access multiple applications and websites with one set of credentials. SSO uses a trust relationship between the IdP (Identity Provider and the SP (Service Provider). The IdP passes an assertion to the SP to authenticate the user, often using an identity standard like Security Assertion Markup Language (SAML) or OpenID Connect (OIDC).