---
title: "Single Sign-On"
slug: "single-sign-on"
updated: 2025-06-04T22:57:41Z
published: 2025-06-04T22:57:41Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://documentation.g2.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Single Sign-On

Configuring single sign-on (SSO) enables you to provision my.G2 admin access using your identity and access management (IAM) platform.

![sso demo](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-demo.gif)

              
              

IAM software protects your systems from unauthorized access by only allowing authenticated, authorized users to access specific company systems and data. For more details about IAM solutions, refer to G2’s [IAM category page](https://www.g2.com/categories/identity-and-access-management-iam).

SSO mitigates the burden and potential security risk of maintaining unique login credentials for each piece of software in your tech stack. Depending on your IAM platform, configuring SSO also enables you to conveniently access my.G2 alongside your other SSO-enabled software.

![sso app launch](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-app-launch.png)

To access the Single Sign On tab, log in to [my.G2](https://my.g2.com/), then navigate to **Account** > **Single Sign On**.

## Basics of SSO in my.G2

              
              

This section describes the basics of using the *Single Sign On* tab. For more information on setting up SSO, refer to the [Implementation](/docs/single-sign-on#implementation) section.

Access to my.G2 is typically granted via the [Admin Users](https://my.g2.com/~/invites) tab, which is scoped to a single product – if you have multiple products listed on G2, you can manage access for all products in your organization by using the *G2 Product Profiles* dashboard.

:::(Info) For more information on using the *G2 Product Profiles* dashboard, refer to the [Product Access Management](https://documentation.g2.com/docs/product-access-management) documentation. :::

![sso current provisioning per product](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-admin-users-provisioning.gif)

By configuring SSO, you can provision my.G2 access to multiple products simultaneously using *Groups*.

              
              

For more information on creating groups, refer to the [Product Access Management](https://documentation.g2.com/docs/product-access-management#groups) documentation.

By default, new users added via SSO are assigned to the *Marketing* group. To update your default group for SSO, navigate to the **Single Sign On** tab. Select **Settings**, then from the *Default Group for New Users* dropdown, choose a group.

![This screenshot shows the Default Group for New Users dropdown within the Single Sign On tab.](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-update-default-group.png)

You can also sync groups settings between my.G2 and the IAM platform you use for SSO. For more information, refer to the [Syncing groups with your IAM platform](/docs/single-sign-on#syncing-groups-with-your-iam-platform) section.

### Logging in with SSO

When members of your organization authenticate via SSO, their personal G2 accounts are granted permission to manage your product(s) in my.G2. In order to access my.G2, each user must have (and be logged into) a personal G2 account.

Users who are authenticated with SSO but not logged into their personal G2 account will be prompted to log in or create an account before they can access my.G2.

![sso without g2 login](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-authenticate-without-g2-login.png)

## Implementation

### Before getting started

Before proceeding with the following implementation steps, please contact your G2 representative to configure SSO for your organization.

### 1. Access your SAML configuration details in my.G2

There are several configuration details you must provide to your identity and access management (IAM) platform to initiate the authentication process.

Navigate to [my.G2](https://my.g2.com/~/saml_providers), then **Single Sign On** > **Single Sign On**. Retain the information in the *Details* section for [configuring SAML in the next step](/docs/single-sign-on#2-configure-saml-in-your-iam-platform).

![access configuration credentials](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-access-saml-configuration-details.png)

### 2. Configure SAML in your IAM platform

G2 offers [step-by-step configuration instructions](/docs/single-sign-on#configuring-saml-in-your-iam-platform) for creating a new SAML integration in common IAM platforms. If your platform is not included, please contact your IAM platform representative for assistance creating a new SAML integration.

G2 can pass supplemental user attributes to your SAML assertion, including first name, last name, and company.

If your IAM platform supports SCIM provisioning, you'll be able to update these my.G2 user attributes directly from your IAM platform.

You must define this mapping relationship in your IAM platform using the key names of `first_name`, `last_name`, and `company` before [providing this information to G2 in the next step](/docs/single-sign-on#3-add-your-identity-provider-credentials-to-myg2).

              
              

You can also sync SSO access groups between my.G2 and your IAM platform via SCIM. For more information on group permissions, refer to the [Groups](/docs/single-sign-on#groups) section.

For an example of how to sync groups with your IAM provider, refer to the [Syncing groups with your IAM platform](/docs/single-sign-on#syncing-groups-with-your-iam-platform) section.

### 3. Add your identity provider credentials to my.G2

After configuring your SAML integration, your IAM platform will generate access credentials for G2, including an *Identity Provider Single Sign-On URL* and an *Identity Provider Certificate*.

To add these credentials:

1. Navigate to [my.G2](https://my.g2.com/~/saml_providers), then **Single Sign On** > **Single Sign On**.
2. Open the **Settings** dropdown, then enter your credentials into the corresponding fields.

![sso add idp credentials](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-add-idp-credentials.png)

1. (Optional) If you added supplemental attribute statements to your SAML assertion, enter the associated values in the *Attribute Statements* section. The *company* field is optional.

![sso add idp credentials](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-add-attribute-statements.png)

1. Select **Save**.

### 4. Activate SSO

To activate SSO, select **Connect**, then select **Login with SSO**. If you successfully configured SSO, you will be redirected to the **Single Sign On** tab and a checkmark will be displayed.

![sso test SAML](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-test-saml.gif)

              
              

If your connection attempt fails, verify that you assigned yourself SSO access in your IAM platform.

After successfully connecting, set the *Manage this Organization with SSO* slider to **ON** to enable SSO.

![sso toggle active](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-toggle-active.gif)

              
              

You should ensure that your users are assigned SSO access in your IAM platform. Users will not be able to log into my.G2 until they are assigned access.

### 5. Configure group access

G2 automatically migrates your existing users to SSO while maintaining their existing permission sets based on the role they had in the Admin Users tab.

You can create new access groups directly in the [Groups](/docs/single-sign-on#groups) tab, or import them from your IAM platform via SCIM. For an example of how to sync access groups between my.G2 and your IAM platform, refer to the [Syncing groups with your IAM platform](https://documentation.g2.com/docs/single-sign-on#syncing-groups-with-your-iam-platform) section.

## Configuring SAML in your IAM platform

G2 offers instructions for configuring SAML integrations in commonly-used identity and access management (IAM) platforms. These instructions should be used to complete [step 2 of the implementation process](/docs/single-sign-on#2-configure-saml-in-your-iam-platform).

### Okta

#### 1. Create a new app in Okta

To get started, log in to [Okta](http://login.okta.com), then navigate to the *Applications* tab.

![sso okta create app](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-okta-create-app.png)

To create a new app:

1. Select **Create App Integration**.
2. Select **SAML 2.0** as your authentication method, then select **Next**.
3. In the *General Settings* panel, enter the following information, then select **Next**.

| Field | Value |
| --- | --- |
| App name | **my.G2** |
| App logo | Download G2’s logo from [this link](https://github.com/g2-documentation/images/blob/0c3351b5d97e5cd7a93d181c47240494859da1ea/reversed-g2@2x.png?raw=true), then select the **Upload** icon to add the logo to your Okta app. |
| App visibility | G2 recommends selecting the corresponding checkbox to hide your application from users until you have completed the full implementation process. |

![sso okta general settings](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-okta-general-settings.png)

#### 2. Configure SAML

After entering your *General Settings*, you can configure SAML for your my.G2 app.

![sso okta configure saml](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-okta-configure-saml.gif)

To configure your SAML settings:

1. In the *SAML Settings* panel, enter your G2-provided *Single sign on URL* and *Audience URI*.

              
              

For more information, refer to the [Access your SAML configuration details in my.G2](/docs/single-sign-on#1-access-your-saml-configuration-details-in-myg2) section.

1. From the *Name ID format* dropdown, select **EmailAddress**.
2. (Optional) If you want to include custom user attributes in your SAML assertion, use the *Attribute Statements* section to map the *Name* and *Value* relationships.

| Name | Name format | Value |
| --- | --- | --- |
| first_name | Basic | user.firstName |
| last_name | Basic | user.lastName |
| company | Basic | user.company |

![sso okta attribute statements](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-okta-attribute-statements.png)

1. Select **Next**.

#### 3. Feedback for Okta Support

Okta requests that you provide two supplemental pieces of information about your new app. Enter the following information, then select **Finish**.

| Field | Value |
| --- | --- |
| *Are you a customer or partner?* | **I’m an Okta customer adding an Internal app** |
| *App type* | **This is an internal app that we have created** |

![sso okta feedback](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-okta-feedback.png)

#### 4. Assign access

You must assign SSO access to yourself to complete the implementation process in my.G2. Navigate to the **Assignments** tab, then select **Assign** > **Assign to People** to search for and select your user account.

![sso okta assign app](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-okta-assign-app.gif)

              
              

You can also assign access to other members of your organization at this step. Users will not be able to log into my.G2 until they are assigned app access in Okta.

#### 5. (Optional) Enable SCIM provisioning

SCIM provisioning enables you to add, update, and remove my.G2 users directly from Okta. You can also use SCIM to import Okta access groups into my.G2.

              
              

In order to use SCIM provisioning to update user information, you must map the `first_name`, `last_name`, and `company` user attributes in your SAML assertion.

If you did not map custom attributes when configuring your *SAML settings*, refer to step 3 of the [Configure SAML](/docs/single-sign-on#2-configure-saml) section before proceeding.

You will use your G2-provided *SCIM Base URL* and *SCIM Authentication Token* to configure SCIM provisioning in Okta. For more information on accessing your *SCIM Base URL* and *SCIM Authentication Token*, refer to the [Access your SAML configuration details in my.G2](/docs/single-sign-on#1-access-your-saml-configuration-details-in-myg2) section.

To activate SCIM provisioning:

1. Navigate to the **General** tab, then select **Edit** to access your *App Settings*.
2. From the *Provisioning* section, select the **Enable SCIM provisioning** checkbox, then select **Save**.

![okta enable SCIM](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-enable-SCIM.png)

1. Navigate to the *Provisioning* tab, then select **Edit** to access your *SCIM Connection* settings.

![okta access SCIM configuration](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-SCIM-edit-provisioning-auth.png)

1. In the *SCIM connector base URL* section, enter your G2-provided *SCIM Base URL*.
2. In the *Unique identifier field for users* field, enter `userName`.
3. In the *Supported provisioning actions* section, select the checkboxes for **Import New User and Profile Updates**, **Push New Users**, **Push Profile Updates**, and **Push Groups**.

![okta add SCIM credentials and permissions](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-SCIM-midpoint-auth-configuration.png)

1. Set the *Authentication Mode* dropdown to **HTTP Header**, then paste your G2-provided *SCIM Authentication Token* into the *Authorization* field.

![okta add SCIM HTTP auth bearer token](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-SCIM-add-HTTP-auth.png)

1. Select **Save** to test your configuration. If successful, you will be redirected to the *Provisioning to App* tab.

![example successful auth](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-complete-SCIM-auth.png)

1. Select **Edit**, then select the **Enable** checkboxes for *Create Users*, *Update User Attributes*, and *Deactivate Users*.

![select SCIM permissions checkboxes](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-select-SCIM-provisioning-checkboxes.gif)

1. Select **Save**.

#### 6. Access your SAML setup instructions

![sso saml setup](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-okta-saml-setup-instructions.gif)

To access your SAML credentials:

1. Navigate to the **Sign On** tab.
2. From the *SAML Setup* section, select **View SAML setup instructions**.
3. Copy the information in the *Identity Provider Single Sign-On URL* and *X.509 Certificate* sections.
4. Proceed with [step 3 of implementation](/docs/single-sign-on#3-add-your-identity-provider-credentials-to-myg2), entering your *Identity Provider Single Sign-On URL* and *X.509 Certificate* into the corresponding fields in my.G2.

![sso saml credentials](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-okta-saml-setup-credentials.png)

## Syncing groups with your IAM platform

After [configuring SCIM](/docs/single-sign-on#5-optional-enable-scim-provisioning), you can sync access groups between my.G2 and your IAM platform.

              
              

This section demonstrates how to perform group actions in Okta, which can be adapted to your particular IAM platform.

To access group actions in Okta, go to your my.G2 SAML application in Okta, then navigate to the **Push Groups** tab.

![Highlight the push groups tab in Okta.](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-okta-push-groups-tab.png)

              
              

If you cannot access the *Push Groups* tab, you might need to enable the corresponding setting in your [SCIM configuration](/docs/single-sign-on#5-optional-enable-scim-provisioning).

### Push groups to my.G2

To push groups from Okta to my.G2, select **Push Groups** > **Find groups by name**, then search for and select the group you want to push.

![How to begin finding the groups you want to push to my.G2.](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-choose-group-to-push.gif)

After selecting your Okta group, use the *Match result & push action* section to choose whether you want to create a new group in my.G2 or link your Okta group to an existing my.G2 group using the corresponding dropdown.

![Choose your push option, either create group or link to an existing group.](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-choose-to-link-or-push-groups.gif)

### Import groups from my.G2

To import your access groups from my.G2, select **Refresh App Groups**.

![How to import groups in Okta.](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-import-groups-from-g2.gif)

You can now map my.G2 groups to their corresponding Okta groups, or create a new Okta group for mapping.

![Import Okta groups example](https://documentation-g2-com-images.s3.us-east-1.amazonaws.com/sso-import-group-sync.png)