Single Sign-On Setup

Table of Contents

Set up SSO for Gladly

Gladly supports standard Secure Assertion Markup Language (SAML) 2.0 integration with any enterprise Identity Provider to provide Gladly single sign-on (SSO) access. We have internally tested against the following enterprise Identity Providers:

Azure Active Directory
Active Directory Federation Services (ADFS)
Google

Once activated, your users are redirected to the Identity Provider of your choice to complete their login process. Once logged in, they can access Gladly (along with all the other services and applications under your Identity Provider) without entering separate login credentials.

SSO is a faster and more efficient way for users to log into the various systems and applications they need daily, making managing user access to those systems more secure and efficient. Once a user is authenticated against your system, you can grant them access to as many resources within (or outside) your firewall. It also streamlines the deactivation of accounts configured as SSO. In addition, SSO allows you to implement 2FA, MFA, Two-Factor Authorization, and other security layers for a more secure system.

Set up SSO for Gladly #

The use of SSO for Gladly requires several configuration changes in both Gladly and your Identity Provider. More specifically, we’ll need the metadata XML file that describes how your Identity Provider is set up. This contains information that allows Gladly to verify that SSO responses are coming from your Identity Provider.

Take note of the following before you activate SSO:

Activate SSO in Gladly by toggling the Use SSO option in the Activate Single Sign-On setting page.
Add/upload all of your users to Gladly once you configure Gladly with your SSO provider.
- Note – Only upload users to Gladly once SSO is activated.
Users you need to add in the future must be added to Gladly first, then given SSO access via your provider.

Azure #

In your Azure Dashboard, click on Azure Active Directory

2. Select Enterprise applications.

3. From the panel, select Non-gallery application.

4. In the next panel, give your application a name, then click Add. For this example, we’ll be naming our application ‘Gladly.’

5. On the next screen, fill in the following fields as follows:

Single Sign-on Mode – Select SAML-based Sign-on from the dropdown list.
Identifier (Entity ID) – This can be found on the Single Sign-On settings page.
Reply URL (Assertion Consumer Service URL – ACS) – This can be found on the Single Sign-On settings page.
User Identifier – Select user.email from the dropdown list.

6. Click Save

7. Scroll down to the SAML Signing Certificate section and copy the URL in the App Federation Metadata URL field.

8. Log into Gladly, click on the top left corner of the screen, click Settings, then Single Sign-On.

Toggle Use SSO (toggle is green) to activate SSO.

See Activate Single Sign-On for more information on how to save the Metadata URL.

9. Paste the Metadata URL in the Fetch metadata from URL field, then click Save. This generates the Metadata XML. Return to the SSO configuration page for your Gladly application. From the Azure Active Directory console, go to Azure Active Directory > Enterprise applications > Gladly application > Single sign-on. Click Upload metadata file from this page.

10. Click on Upload metadata file.

11. Click Upload and select the metadata from the Activate Single Sign-On settings page in Gladly.

12. Click Save.

Success! SAML SSO is now configured. You can begin adding users to Gladly so they receive an invitation to access Gladly.

OneLogin #

Go to Applications (Apps).
Click Add App.
From the Find Applications page, search for OneLogin’s SAML Custom Connector to add it.
Set the display name to Gladly.
Click Save.
Click on Configuration and set up the following:
- SAML Consumer URL – Gladly ACS URL
- SAML Audience – Gladly Metadata URL
- SAML Recipient – Gladly ACS URL
Click More Actions, then SAML Metadata.
Download the metadata XML file, copy its contents, and configure it as the metadata XML in Gladly SSO settings.
Go to Users in OneLogin.
Add the appropriate users who need SSO access to Gladly.
Ensure each NameID for each user matches the Agent’s email address in Gladly.

G Suite / Google Workspace #

From the Google Admin Console page, go to Apps > Web & Mobile Apps.
Click Add App > Add custom SAML app.
Name the app “Gladly” and click Next.
Download the IDP metadata file.
Log into Gladly, click on the top left corner of the screen, click Settings, then Single Sign-On.
Toggle Use SSO (toggle is green) to activate SSO.
- Click Paste metadata, then paste the metadata you downloaded from G Suite into the metadata field. Click Save.
Go back to Google Admin Console and click Continue.
Set the ACS URL, which can be found on the Single Sign-On settings page.
Set Entity ID/Metadata URL, which can be found on the Single Sign-On settings page.
Keep clicking Continue; all other settings should be left to the default setting.
When you are done, follow Turn on your SAML App directions to grant the users access to SSO. Then, make sure to add users to Gladly so they receive an invitation to access Gladly via SSO.

If you get a 403 app_not_enabled_for_user, error this means the user account doesn’t have permission in Google Workspace, even if it has been granted in Gladly. Do the following to fix this error.

From the Google Workspace Admin console homepage, go to Apps > Web > Mobile Apps.
Find Gladly in the app list and click it to open the Settings page.
Click User access.
Turn the app On for everyone in the organization who needs access to Gladly.

Okta #

Log in to your Okta Admin account.
Go to Applications > Applications > Create App Integration.
Select SAML 2.0
Click Next.
Enter “Gladly” as the name.
Click Next.
Under the Configure SAML tab > Section A: SAML Settings
- Single Sign-on URL – Gladly Hero > Settings > Single Sign-On > Toggle on Use SSO > Gladly ACS URL
- Audience URI (SP Entity ID) – Gladly Hero > Settings > Single Sign-On > Toggle on Use SSO > Gladly Metadata URL
- Default RelayState – Keep it Blank
- Name ID format – Select EmailAddress
- Application username – Select Email
Click Next/Finish.
- Note – If the next step asks, “Are you a customer or partner?” Select I’m an Okta customer, adding an internal app.
Click Finish.
In the Gladly app in Okta, go to the Assignments tab and add the users that will need to access Gladly via Okta.
Click on the Sign On tab and click Copy to copy the Metadata URL.
Go to Gladly Hero > Settings > Single Sign-On.
From the Single Sign-On page, click the Allow SSO toggle.
Paste the Metadata URL from step 11 in the Fetch metadata from URL (upon Save) field.
Click Save.
Go to Gladly Hero > Settings > Users. Add the same users from Step 10 to Gladly. Since SSO has been activated, they do not need to activate their Gladly account through the email invitation they receive.

Was this article helpful?

0 Comments

Inline Feedbacks

View all comments

Contact Support

Can’t find the answer you need? Get in touch with the Gladly Support Team for assistance.

Would love your thoughts, please comment.x

()

| Reply

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
__cf_bm	29 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_wpfuuid	1 year 1 month 4 days	This cookie is used by the WPForms WordPress plugin. The cookie is used to allows the paid version of the plugin to connect entries by the same user and is used for some additional features like the Form Abandonment addon.
BIGipServer*	session	Marketo sets this cookie to collect information about the user's online activity and build a profile about their interests to provide advertisements relevant to the user.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSID	session	This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Performance

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gd_session	4 hours	This cookie is used for collecting information on users visit to the website. It collects data such as total number of visits, average time spent on the website and the pages loaded.
_gd_visitor	1 year 1 month 4 days	This cookie is used for collecting information on the users visit such as number of visits, average time spent on the website and the pages loaded for displaying targeted ads.
_sp_id.*	1 year 1 month 4 days	Snowplow sets this cookie to store user information that is created when a user first visits a site and is updated on subsequent visits.
_sp_ses.*	30 minutes	Snowplow sets this cookie to store user information that is created when a user first visits a site and is updated on subsequent visits.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
mf_user	3 months	Mouseflow sets this cookie to identify whether a visitor is new or returning.
vuid	1 year 1 month 4 days	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
_mkto_trk	1 year 1 month 4 days	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.

Others

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Cookie	Duration	Description
_an_uid	7 days	No description available.
6suuid	1 year 1 month 4 days	No description available.
mf_98ebb315-7080-447b-a20f-9f1c64bcae56	session	Description is currently not available.
receive-cookie-deprecation	1 year 1 month 4 days	Description is currently not available.

Search Gladly Connect

Gladly Hero

Documentation highlights

Set up SSO for Gladly #

Azure #

OneLogin #

G Suite / Google Workspace #

Okta #

Share This Article:

Was this article helpful?

Single Sign-On Setup

Recently Added

How Gladly Search Works

CX Performance Indicator Benchmarks

AI Security and Compliance

November Releases

Most Popular

Glossary and Key Concepts

Q. Why do I keep getting errors when sending an email?

Log Into Gladly

November Releases

Contact Support