Single Sign-On
- Updated on 22 Dec 2022
Configuring single sign-on (SSO) enables you to provision my.G2 admin access using your identity and access management (IAM) platform.
IAM software protects your systems from unauthorized access by only allowing authenticated, authorized users to access specific company systems and data. For more details about IAM solutions, refer to G2’s IAM category page.
Basics of SSO in my.G2
Benefits of SSO
SSO mitigates the burden and potential security risk of maintaining unique login credentials for each piece of software in your tech stack.
Depending on your IAM platform, configuring SSO also enables you to conveniently access my.G2 alongside your other SSO-enabled software.
Provisioning multi-product access with SSO
Access to my.G2 is typically granted via the Admin Users tab, which is scoped to a single product – if you have multiple products listed on G2, you must manage access for each product individually using the corresponding Admin Users tab.
Configuring SSO enables you to provision my.G2 access for multiple products simultaneously by grouping them into an Organization.
Before getting started with implementation, your G2 representative will verify the products you want to group into an Organization.
You can create multiple Organizations to manage access to different groupings of products via SSO. Each product can only belong to one Organization, but users can belong to multiple Organizations.
If you create multiple Organizations, you must repeat the implementation steps for each Organization.
Migrating existing my.G2 users
G2 automatically migrates your existing users to SSO while maintaining their existing permission sets. To verify that your users have been migrated appropriately, navigate to my.G2, then Single Sign On > Users.
Implementation
Before getting started
Before proceeding with the following implementation steps, please contact your G2 representative to configure SSO for your organization.
If you have multiple products listed on G2, you can use SSO to provision access to multiple products simultaneously. For more information, refer to the Provisioning multi-product access with SSO section.
1. Access your SAML configuration details in my.G2
There are several configuration details you must provide to your identity and access management (IAM) platform to initiate the authentication process.
Navigate to my.G2, then Single Sign On > Single Sign On. Retain the information in the Details section for configuring SAML in the next step.
2. Configure SAML in your IAM platform
G2 offers step-by-step configuration instructions for creating a new SAML integration in common IAM platforms. If your platform is not included, please contact your IAM platform representative for assistance creating a new SAML integration.
G2 can pass supplemental user attributes to your SAML assertion, including first name, last name, and company.
If your IAM platform supports SCIM provisioning, you'll be able to update these my.G2 user attributes directly from your IAM platform.
You must define this mapping relationship in your IAM platform using the key names of first_name, last_name, and company before providing this information to G2 in the next step.
3. Add your identity provider credentials to my.G2
After configuring your SAML integration, your IAM platform will generate access credentials for G2, including an Identity Provider Single Sign-On URL and an Identity Provider Certificate.
To add these credentials:
- Navigate to my.G2, then Single Sign On > Single Sign On.
- Open the Settings dropdown, then enter your credentials into the corresponding fields.
- (Optional) If you added supplemental attribute statements to your SAML assertion, enter the associated values in the Attribute Statements section.
- Select Save.
4. Activate SSO
To activate SSO, select Connect, then select Login with SSO. If you successfully configured SSO, you will be redirected to the Single Sign On tab and a checkmark will be displayed.
If your connection attempt fails, verify that you assigned yourself SSO access in your IAM platform.
After successfully connecting, set the Manage this Organization with SSO slider to ON to enable SSO.
You should ensure that your users are assigned SSO access in your IAM platform. Users will not be able to log into my.G2 until they are assigned access.
Configuring SAML in your IAM platform
G2 offers instructions for configuring SAML integrations in commonly-used identity and access management (IAM) platforms. These instructions should be used to complete step 2 of the implementation process.
Okta
1. Create a new app in Okta
To get started, log in to Okta, then navigate to the Applications tab.
To create a new app:
- Select Create App Integration.
- Select SAML 2.0 as your authentication method, then select Next.
- In the General Settings panel, enter the following information, then select Next.
Field | Value |
---|---|
App name | my.G2 |
App logo | Download G2’s logo from this link, then select the Upload icon to add the logo to your Okta app. |
App visibility | G2 recommends selecting the corresponding checkbox to hide your application from users until you have completed the full implementation process. |
2. Configure SAML
After entering your General Settings, you can configure SAML for your my.G2 app.
To configure your SAML settings:
- In the SAML Settings panel, enter your G2-provided Single sign on URL and Audience URI.
For more information, refer to the Access your SAML configuration details in my.G2 section.
- From the Name ID format dropdown, select EmailAddress.
- (Optional) If you want to include custom user attributes in your SAML assertion, use the Attribute Statements section to map the Name and Value relationships.
Name | Name format | Value |
---|---|---|
first_name | Basic | user.firstName |
last_name | Basic | user.lastName |
company | Basic | user.company |
- Select Next.
3. Feedback for Okta Support
Okta requests that you provide two supplemental pieces of information about your new app. Enter the following information, then select Finish.
Field | Value |
---|---|
Are you a customer or partner? | I’m an Okta customer adding an Internal app |
App type | This is an internal app that we have created |
4. Assign access
You must assign SSO access to yourself to complete the implementation process in my.G2. Navigate to the Assignments tab, then select Assign > Assign to People to search for and select your user account.
You can also assign access to other members of your organization at this step. Users will not be able to log into my.G2 until they are assigned app access in Okta.
5. (Optional) Enable SCIM provisioning
SCIM provisioning enables you to add, update, and remove my.G2 users directly from Okta.
In order to use SCIM provisioning to update user information, you must map the first_name, last_name, and company user attributes in your SAML assertion.
If you did not map custom attributes when configuring your SAML settings, refer to step 3 of the Configure SAML section before proceeding.
You will use your G2-provided SCIM Base URL and SCIM Authentication Token to configure SCIM provisioning in Okta. For more information on accessing your SCIM Base URL and SCIM Authentication Token, refer to the Access your SAML configuration details in my.G2 section.
To activate SCIM provisioning:
- Navigate to the General tab, then select Edit to access your App Settings.
- From the Provisioning section, select the Enable SCIM provisioning checkbox, then select Save.
- Navigate to the Provisioning tab, then select Edit to access your SCIM Connection settings.
- In the SCIM connector base URL section, enter your G2-provided SCIM Base URL.
- In the Unique identifier field for users field, enter userName.
- In the Supported provisioning actions section, select the checkboxes for Import New User and Profile Updates, Push New Users, and Push Profile Updates.
- Set the Authentication Mode dropdown to HTTP Header, then paste your G2-provided SCIM Authentication Token into the Authorization field.
- Select Save to test your configuration. If successful, you will be redirected to the Provisioning to App tab.
- Select Edit, then select the Enable checkboxes for Create Users, Update User Attributes, and Deactivate Users.
- Select Save.
6. Access your SAML setup instructions
To access your SAML credentials:
- Navigate to the Sign On tab.
- From the SAML Setup section, select View SAML setup instructions.
- Copy the information in the Identity Provider Single Sign-On URL and X.509 Certificate sections.
- Proceed with step 3 of implementation, entering your Identity Provider Single Sign-On URL and X.509 Certificate into the corresponding fields in my.G2.