In this article
Single Sign-On (SSO) can be enabled in your Gelato account for a fast and efficient user login. Users will be able to use their credentials from another system to log into Gelato Globe. You can choose to allow standard email/password login and SSO, or, restrict the login to SSO only.
Normal login + SSO login enabled
SSO login only enabled
How can I enable it?
- SSO (and Branded store) need to be enabled first on our end
- Once we know which authentication provider you are using, we will arrange a meeting between our infrastructure team and your IT department
- If you use groups in your identity management system, you can map them to your Globe groups to ensure the users registering via SSO will be added to the assigned group. Just add the details to your Globe group (below).
- If you do not use groups in your identity provider, you will need to define the New User's intended Group and Role. Go to Account Settings => SSO Setting to set this up. This means that all users that sign up via SSO will be added to the this group and with the permissions assigned in that particular Role.
Note: Admin(s) of the Gelato account will receive an email notification every time a user is signing up via SSO for control purposes.
Requirements and limitations
- SSO is normally included in Professional and Enterprise subscriptions. If you are unsure about your subscription and what is included, please refer to your contract.
- If your subscription does not include SSO, please contact us to get more information about the cost and the process to implement it.
- SSO requires branded storefront to be enabled to ensure that a customer login URL can be created.
- We support the following identity brokers (if your identity broker is not included in the list below, please let us know):
- Social Authentication: Twitter, Facebook, Google, LinkedIn, Instagram, Microsoft, PayPal, Openshift v3, GitHub, GitLab, Bitbucket, and Stack Overflow
- OpenID Connect v1.0 Identity Providers
- SAML v2.0 Identity Providers
- User Storage Federation: LDAP, Active Directory
For more information please contact us.