Skip to content

Using Single Sign-On

Subscription Tier Required

This feature requires the Enterprise subscription tier.

GS supports Single Sign-On (SSO) through SAML and OpenID Connect (OIDC). This allows users to access GS with existing corporate credentials instead of maintaining separate usernames and passwords within GS.

To use SSO, you will need to work with Hertzler's support team to share configuration details between GS and your Identity Provider (IdP).

SAML Configuration

To set up SSO using SAML, follow these steps:

Step 1 - Contact Support

Contact our support team and let us know that you would like to set up SSO using SAML. We will respond with the following configuration details:

  • Reply URL (also called an Assertion Consumer Service URL)
  • Sign on URL
  • Signing Certificate
  • Logout URL

Step 2 - Configure GS in your IdP

Create a SAML Application in your IdP and enter the details provided by GS support. Depending on your IdP, you may need to assign particular users to the Application in order for them to access GS.

After the Application has been created, you will have access to the Application's metadata file or metadata endpoint. Download the file or make a note of the endpoint so you can send it to our support team.

Step 3 - Share IdP Metadata with GS

Send our support team the metadata file or endpoint generated in the previous step. We will finalize the integration and our support team will let you know when GS is set up and ready to use.

Step 4 - Test and Enforce SSO

After our support team has configured GS with your IdP's metadata, we will contact you to test the integration. You will see a new button on the GS login page that will take you to your IdP to log in. Click this button to test the integration.

An image showing the button to log in with your IdP

By default, Users will continue to be able to log in using their GS account credentials. Contact your GS representative to disable the default login experience.

OIDC Configuration

To set up SSO using OIDC, follow these steps:

Step 1 - Contact Support

Contact our support team and let us know that you would like to set up SSO using OIDC. We will respond with the following configuration details:

  • Sign-In Redirect URI

Step 2 - Configure GS in your IdP

Create an OIDC Application in your IdP and enter the details provided by GS support. For the Grant Type select Authorization Code.

After the Application is created, you will have access to the following:

  • Client ID
  • Client Secret
  • Issuer

Depending on your IdP, you may need to assign particular users to the Application in order for them to access GS.

Step 3 - Share IdP Metadata with GS

Send our support team the Client ID, Client Secret, and Issuer generated in the previous step. We will finalize the integration and our support team will let you know when GS is set up and ready to use.

Step 4 - Test and Enforce SSO

After our support team has configured GS with your IdP's metadata, we will contact you to test the integration. You will see a new button on the GS login page that will take you to your IdP to log in. Click this button to test the integration.

An image showing the button to log in with your IdP

By default, Users will continue to be able to log in using their GS account credentials. Contact your GS representative to disable the default login experience.