G2 Marketplace
- G2 Marketplace
- Partners

Single Sign-On

17 Jun 2024
8 Minutes to read

Share
Dark
Light

Single Sign-On

Updated on 17 Jun 2024
8 Minutes to read

Share
Dark
Light

Article summary

Did you find this summary helpful?

Thank you for your feedback

Configuring single sign-on (SSO) enables you to provision my.G2 admin access using your identity and access management (IAM) platform.

sso demo

IAM software protects your systems from unauthorized access by only allowing authenticated, authorized users to access specific company systems and data. For more details about IAM solutions, refer to G2’s IAM category page.

SSO mitigates the burden and potential security risk of maintaining unique login credentials for each piece of software in your tech stack. Depending on your IAM platform, configuring SSO also enables you to conveniently access my.G2 alongside your other SSO-enabled software.

sso app launch

To access the Single Sign On tab, log in to my.G2, then navigate to Account > Single Sign On.

Basics of SSO in my.G2

This section describes the basics of using the Single Sign On tab. For more information on setting up SSO, refer to the Implementation section.

Access to my.G2 is typically granted via the Admin Users tab, which is scoped to a single product – if you have multiple products listed on G2, you can manage access for all products in your organization by using the G2 Product Profiles dashboard.

demonstration showing how to create a new group in the G2 Product Profiles dashboard

:::(Info) For more information on using the G2 Product Profiles dashboard, refer to the Product Access Management documentation.
:::

By configuring SSO, you can provision my.G2 access to multiple products simultaneously using Groups.

For more information on creating groups, refer to the Product Access Management documentation.

By default, new users added via SSO are assigned to the Marketing group. To update your default group for SSO, navigate to the Single Sign On tab. Select Settings, then from the Default Group for New Users dropdown, choose a group.

This screenshot shows the Default Group for New Users dropdown within the Single Sign On tab.

You can also sync groups settings between my.G2 and the IAM platform you use for SSO. For more information, refer to the Syncing groups with your IAM platform section.

Logging in with SSO

When members of your organization authenticate via SSO, their personal G2 accounts are granted permission to manage your product(s) in my.G2. In order to access my.G2, each user must have (and be logged into) a personal G2 account.

Users who are authenticated with SSO but not logged into their personal G2 account will be prompted to log in or create an account before they can access my.G2.

sso without g2 login

Implementation

Before getting started

Before proceeding with the following implementation steps, please contact your G2 representative to configure SSO for your organization.

1. Access your SAML configuration details in my.G2

There are several configuration details you must provide to your identity and access management (IAM) platform to initiate the authentication process.

Navigate to my.G2, then Single Sign On > Single Sign On. Retain the information in the Details section for configuring SAML in the next step.

access configuration credentials

2. Configure SAML in your IAM platform

G2 offers step-by-step configuration instructions for creating a new SAML integration in common IAM platforms. If your platform is not included, please contact your IAM platform representative for assistance creating a new SAML integration.

G2 can pass supplemental user attributes to your SAML assertion, including first name, last name, and company.

If your IAM platform supports SCIM provisioning, you'll be able to update these my.G2 user attributes directly from your IAM platform.

You must define this mapping relationship in your IAM platform using the key names of first_name, last_name, and company before providing this information to G2 in the next step.

You can also sync SSO access groups between my.G2 and your IAM platform via SCIM. For more information on group permissions, refer to the Groups section.

For an example of how to sync groups with your IAM provider, refer to the Syncing groups with your IAM platform section.

3. Add your identity provider credentials to my.G2

After configuring your SAML integration, your IAM platform will generate access credentials for G2, including an Identity Provider Single Sign-On URL and an Identity Provider Certificate.

To add these credentials:

Navigate to my.G2, then Single Sign On > Single Sign On.
Open the Settings dropdown, then enter your credentials into the corresponding fields.

sso add idp credentials

(Optional) If you added supplemental attribute statements to your SAML assertion, enter the associated values in the Attribute Statements section. The company field is optional.

sso add idp credentials

Select Save.

4. Activate SSO

To activate SSO, select Connect, then select Login with SSO. If you successfully configured SSO, you will be redirected to the Single Sign On tab and a checkmark will be displayed.

sso test SAML

If your connection attempt fails, verify that you assigned yourself SSO access in your IAM platform.

After successfully connecting, set the Manage this Organization with SSO slider to ON to enable SSO.

sso toggle active

You should ensure that your users are assigned SSO access in your IAM platform. Users will not be able to log into my.G2 until they are assigned access.

5. Configure group access

G2 automatically migrates your existing users to SSO while maintaining their existing permission sets based on the role they had in the Admin Users tab.

You can create new access groups directly in the Groups tab, or import them from your IAM platform via SCIM. For an example of how to sync access groups between my.G2 and your IAM platform, refer to the Syncing groups with your IAM platform section.

Configuring SAML in your IAM platform

G2 offers instructions for configuring SAML integrations in commonly-used identity and access management (IAM) platforms. These instructions should be used to complete step 2 of the implementation process.

Okta

1. Create a new app in Okta

To get started, log in to Okta, then navigate to the Applications tab.

sso okta create app

To create a new app:

Select Create App Integration.
Select SAML 2.0 as your authentication method, then select Next.
In the General Settings panel, enter the following information, then select Next.

Field	Value
App name	my.G2
App logo	Download G2’s logo from this link, then select the Upload icon to add the logo to your Okta app.
App visibility	G2 recommends selecting the corresponding checkbox to hide your application from users until you have completed the full implementation process.

sso okta general settings

2. Configure SAML

After entering your General Settings, you can configure SAML for your my.G2 app.

sso okta configure saml

To configure your SAML settings:

In the SAML Settings panel, enter your G2-provided Single sign on URL and Audience URI.

For more information, refer to the Access your SAML configuration details in my.G2 section.

From the Name ID format dropdown, select EmailAddress.
(Optional) If you want to include custom user attributes in your SAML assertion, use the Attribute Statements section to map the Name and Value relationships.

Name	Name format	Value
first_name	Basic	user.firstName
last_name	Basic	user.lastName
company	Basic	user.company

sso okta attribute statements

Select Next.

3. Feedback for Okta Support

Okta requests that you provide two supplemental pieces of information about your new app. Enter the following information, then select Finish.

Field	Value
Are you a customer or partner?	I’m an Okta customer adding an Internal app
App type	This is an internal app that we have created

sso okta feedback

4. Assign access

You must assign SSO access to yourself to complete the implementation process in my.G2. Navigate to the Assignments tab, then select Assign > Assign to People to search for and select your user account.

sso okta assign app

You can also assign access to other members of your organization at this step. Users will not be able to log into my.G2 until they are assigned app access in Okta.

5. (Optional) Enable SCIM provisioning

SCIM provisioning enables you to add, update, and remove my.G2 users directly from Okta. You can also use SCIM to import Okta access groups into my.G2.

In order to use SCIM provisioning to update user information, you must map the first_name, last_name, and company user attributes in your SAML assertion.

If you did not map custom attributes when configuring your SAML settings, refer to step 3 of the Configure SAML section before proceeding.

You will use your G2-provided SCIM Base URL and SCIM Authentication Token to configure SCIM provisioning in Okta. For more information on accessing your SCIM Base URL and SCIM Authentication Token, refer to the Access your SAML configuration details in my.G2 section.

To activate SCIM provisioning:

Navigate to the General tab, then select Edit to access your App Settings.
From the Provisioning section, select the Enable SCIM provisioning checkbox, then select Save.

okta enable SCIM

Navigate to the Provisioning tab, then select Edit to access your SCIM Connection settings.

okta access SCIM configuration

In the SCIM connector base URL section, enter your G2-provided SCIM Base URL.
In the Unique identifier field for users field, enter userName.
In the Supported provisioning actions section, select the checkboxes for Import New User and Profile Updates, Push New Users, Push Profile Updates, and Push Groups.

okta add SCIM credentials and permissions

Set the Authentication Mode dropdown to HTTP Header, then paste your G2-provided SCIM Authentication Token into the Authorization field.

okta add SCIM HTTP auth bearer token

Select Save to test your configuration. If successful, you will be redirected to the Provisioning to App tab.

example successful auth

Select Edit, then select the Enable checkboxes for Create Users, Update User Attributes, and Deactivate Users.

select SCIM permissions checkboxes

Select Save.

6. Access your SAML setup instructions

sso saml setup

To access your SAML credentials:

Navigate to the Sign On tab.
From the SAML Setup section, select View SAML setup instructions.
Copy the information in the Identity Provider Single Sign-On URL and X.509 Certificate sections.
Proceed with step 3 of implementation, entering your Identity Provider Single Sign-On URL and X.509 Certificate into the corresponding fields in my.G2.

sso saml credentials

Syncing groups with your IAM platform

After configuring SCIM, you can sync access groups between my.G2 and your IAM platform.

This section demonstrates how to perform group actions in Okta, which can be adapted to your particular IAM platform.

To access group actions in Okta, go to your my.G2 SAML application in Okta, then navigate to the Push Groups tab.

Highlight the push groups tab in Okta.

If you cannot access the Push Groups tab, you might need to enable the corresponding setting in your SCIM configuration.

Push groups to my.G2

To push groups from Okta to my.G2, select Push Groups > Find groups by name, then search for and select the group you want to push.

How to begin finding the groups you want to push to my.G2.

After selecting your Okta group, use the Match result & push action section to choose whether you want to create a new group in my.G2 or link your Okta group to an existing my.G2 group using the corresponding dropdown.

Choose your push option, either create group or link to an existing group.

Import groups from my.G2

To import your access groups from my.G2, select Refresh App Groups.

How to import groups in Okta.

You can now map my.G2 groups to their corresponding Okta groups, or create a new Okta group for mapping.

Import Okta groups example

What's Next

Executive Summary

Table of contents

Basics of SSO in my.G2
Implementation
Configuring SAML in your IAM platform
Syncing groups with your IAM platform