Single Sign-On
  • 22 Dec 2022

Configuring single sign-on (SSO) enables you to provision my.G2 admin access using your identity and access management (IAM) platform.

IAM software protects your systems from unauthorized access by only allowing authenticated, authorized users to access specific company systems and data. For more details about IAM solutions, refer to G2’s IAM category page.

Basics of SSO in my.G2

Benefits of SSO

SSO mitigates the burden and potential security risk of maintaining unique login credentials for each piece of software in your tech stack.

Depending on your IAM platform, configuring SSO also enables you to conveniently access my.G2 alongside your other SSO-enabled software.

Provisioning multi-product access with SSO

Access to my.G2 is typically granted via the Admin Users tab, which is scoped to a single product – if you have multiple products listed on G2, you must manage access for each product individually using the corresponding Admin Users tab.

Configuring SSO enables you to provision my.G2 access for multiple products simultaneously by grouping them into an Organization.

Before getting started with implementation, your G2 representative will verify the products you want to group into an Organization.

You can create multiple Organizations to manage access to different groupings of products via SSO. Each product can only belong to one Organization, but users can belong to multiple Organizations.

If you create multiple Organizations, you must repeat the implementation steps for each Organization.

Migrating existing my.G2 users

G2 automatically migrates your existing users to SSO while maintaining their existing permission sets. To verify that your users have been migrated appropriately, navigate to my.G2, then Single Sign On > Users.

Implementation

Before getting started

Before proceeding with the following implementation steps, please contact your G2 representative to configure SSO for your organization.

If you have multiple products listed on G2, you can use SSO to provision access to multiple products simultaneously. For more information, refer to the Provisioning multi-product access with SSO section.

1. Access your SAML configuration details in my.G2

There are several configuration details you must provide to your identity and access management (IAM) platform to initiate the authentication process.

Navigate to my.G2, then Single Sign On > Single Sign On. Retain the information in the Details section for configuring SAML in the next step.

2. Configure SAML in your IAM platform

G2 offers step-by-step configuration instructions for creating a new SAML integration in common IAM platforms. If your platform is not included, please contact your IAM platform representative for assistance creating a new SAML integration.

G2 can pass supplemental user attributes to your SAML assertion, including first name, last name, and company.

If your IAM platform supports SCIM provisioning, you'll be able to update these my.G2 user attributes directly from your IAM platform.

You must define this mapping relationship in your IAM platform using the key names of first_name, last_name, and company before providing this information to G2 in the next step.

3. Add your identity provider credentials to my.G2

After configuring your SAML integration, your IAM platform will generate access credentials for G2, including an Identity Provider Single Sign-On URL and an Identity Provider Certificate.

To add these credentials:

  1. Navigate to my.G2, then Single Sign On > Single Sign On.
  2. Open the Settings dropdown, then enter your credentials into the corresponding fields.
  3. (Optional) If you added supplemental attribute statements to your SAML assertion, enter the associated values in the Attribute Statements section.
  4. Select Save.

4. Activate SSO

To activate SSO, select Connect, then select Login with SSO. If you successfully configured SSO, you will be redirected to the Single Sign On tab and a checkmark will be displayed.

If your connection attempt fails, verify that you assigned yourself SSO access in your IAM platform.

After successfully connecting, set the Manage this Organization with SSO slider to ON to enable SSO.

You should ensure that your users are assigned SSO access in your IAM platform. Users will not be able to log into my.G2 until they are assigned access.

Configuring SAML in your IAM platform

G2 offers instructions for configuring SAML integrations in commonly used identity and access management (IAM) platforms. Use these instructions to complete step 2 of the implementation process.

Okta

1. Create a new app in Okta

To get started, log in to Okta, then navigate to the Applications tab.

To create a new app:

  1. Select Create App Integration.
  2. Select SAML 2.0 as your authentication method, then select Next.
  3. In the General Settings panel, enter the following information, then select Next.

| Field | Value |
| --- | --- |
| App name | my.G2 |
| App logo | Download G2’s logo from this link, then select the Upload icon to add the logo to your Okta app. |
| App visibility | G2 recommends selecting the corresponding checkbox to hide your application from users until you have completed the full implementation process. |

2. Configure SAML

After entering your General Settings, you can configure SAML for your my.G2 app.

To configure your SAML settings:

  1. In the SAML Settings panel, enter your G2-provided Single sign on URL and Audience URI.

For more information, refer to the Access your SAML configuration details in my.G2 section.

  2. From the Name ID format dropdown, select EmailAddress.
  3. (Optional) If you want to include custom user attributes in your SAML assertion, use the Attribute Statements section to map the Name and Value relationships.

| Name | Name format | Value |
| --- | --- | --- |
| first_name | Basic | user.firstName |
| last_name | Basic | user.lastName |
| company | Basic | user.company |

  4. Select Next.

3. Feedback for Okta Support

Okta requests that you provide two supplemental pieces of information about your new app. Enter the following information, then select Finish.

| Field | Value |
| --- | --- |
| Are you a customer or partner? | I’m an Okta customer adding an Internal app |
| App type | This is an internal app that we have created |

4. Assign access

You must assign SSO access to yourself to complete the implementation process in my.G2. Navigate to the Assignments tab, then select Assign > Assign to People to search for and select your user account.

You can also assign access to other members of your organization at this step. Users will not be able to log into my.G2 until they are assigned app access in Okta.

5. (Optional) Enable SCIM provisioning

SCIM provisioning enables you to add, update, and remove my.G2 users directly from Okta.

In order to use SCIM provisioning to update user information, you must map the first_name, last_name, and company user attributes in your SAML assertion.

If you did not map custom attributes when configuring your SAML settings, refer to step 3 of the Configure SAML section before proceeding.

You will use your G2-provided SCIM Base URL and SCIM Authentication Token to configure SCIM provisioning in Okta. For more information on accessing your SCIM Base URL and SCIM Authentication Token, refer to the Access your SAML configuration details in my.G2 section.

To activate SCIM provisioning:

  1. Navigate to the General tab, then select Edit to access your App Settings.
  2. From the Provisioning section, select the Enable SCIM provisioning checkbox, then select Save.
  3. Navigate to the Provisioning tab, then select Edit to access your SCIM Connection settings.
  4. In the SCIM connector base URL section, enter your G2-provided SCIM Base URL.
  5. In the Unique identifier field for users field, enter userName.
  6. In the Supported provisioning actions section, select the checkboxes for Import New User and Profile Updates, Push New Users, and Push Profile Updates.
  7. Set the Authentication Mode dropdown to HTTP Header, then paste your G2-provided SCIM Authentication Token into the Authorization field.
  8. Select Save to test your configuration. If successful, you will be redirected to the Provisioning to App tab.
  9. Select Edit, then select the Enable checkboxes for Create Users, Update User Attributes, and Deactivate Users.
  10. Select Save.

6. Access your SAML setup instructions

To access your SAML credentials:

  1. Navigate to the Sign On tab.
  2. From the SAML Setup section, select View SAML setup instructions.
  3. Copy the information in the Identity Provider Single Sign-On URL and X.509 Certificate sections.
  4. Proceed with step 3 of implementation, entering your Identity Provider Single Sign-On URL and X.509 Certificate into the corresponding fields in my.G2.


