Gladly supports standard Secure Assertion Markup Language (SAML) 2.0 integration with any enterprise Identity Provider to provide Gladly single sign-on (SSO) access. We have internally tested against the following enterprise Identity Providers:
- Azure Active Directory
- Active Directory Federation Services (ADFS)
Once activated, your users are redirected to the Identity Provider of your choice to complete their login process. Once logged in, they’ll be able to access Gladly (along with all the other services and applications under your Identity Provider) without entering separate login credentials.
SSO is a faster and more efficient way for users to log into the various systems and applications they need daily, making managing user access to those systems more secure and efficient. Once a user is authenticated against your system, you can grant them access to as many resources within (or outside) your firewall. It also streamlines the deactivation of accounts configured as SSO. In addition, SSO allows you to implement 2FA, MFA, Two-Factor Authorization, and other security layers for a more secure system.
Set up SSO for Gladly #
The use of SSO for Gladly requires several configuration changes in both Gladly and your Identity Provider. More specifically, we’ll need the metadata XML file that describes how your Identity Provider is set up. This contains information that allows Gladly to verify that SSO responses are coming from your Identity Provider.
Before you set up SSO, be aware of the steps below.
- Activate SSO in Gladly by toggling the Use SSO option in the Activate Single Sign-On setting page.
- Add/upload all of your users to Gladly once you configure Gladly with your SSO provider.
- Users you need to add in the future must be added to Gladly first, then given SSO access via your provider.
- In your Azure Dashboard, click on Azure Active Directory
2. Select Enterprise applications.
3. From the panel, select Non-gallery application.
4. In the next panel, give your application a name, then click Add. For this example, we’ll be naming our application ‘Gladly.’
5. On the next screen, fill in the following fields as follows:
- Single Sign-on Mode – Select SAML-based Sign-on from the dropdown list.
- Identifier (Entity ID) – This can be found on the Single Sign-On settings page.
- Reply URL (Assertion Consumer Service URL – ACS) – This can be found on the Single Sign-On settings page.
- User Identifier – Select user.email from the dropdown list.
6. Click Save
7. Scroll down to the SAML Signing Certificate section and copy the URL in the App Federation Metadata URL field.
8. Log into Gladly, click the menu icon on the top left corner, then click Settings > Single Sign-On.
- Toggle Use SSO (toggle is green) to activate SSO.
- See Activate Single Sign-On for more information on how to save the Metadata URL.
9. Paste the Metadata URL in the Fetch metadata from URL field, then click Save. This generates the Metadata XML. Return to the SSO configuration page for your Gladly application. From the Azure Active Directory console, go to Azure Active Directory > Enterprise applications > Gladly application > Single sign-on. Click Upload metadata file from this page.
10. Click on Upload metadata file.
11. Click Upload and select the metadata from the Activate Single Sign-On settings page in Gladly.
12. Click Save.
Success! SAML SSO is now configured. You can begin adding users to Gladly so they receive an invitation to access Gladly.
- Go to Applications (Apps).
- Click Add App.
- From the Find Applications page, search for OneLogin’s SAML Custom Connector to add it.
- Set the display name to Gladly.
- Click Save.
- Click on Configuration and set up the following:
- SAML Consumer URL – Gladly ACS URL
- SAML Audience – Gladly Metadata URL
- SAML Recipient – Gladly ACS URL
- Click More Actions, then SAML Metadata.
- Download the metadata XML file, copy its contents, and configure it as the metadata XML in Gladly SSO settings.
- Go to Users in OneLogin.
- Add the appropriate users who need SSO access to Gladly.
- Ensure each NameID for each user matches the Agent’s email address in Gladly.
G Suite / Google Workspace #
- From the Google Admin Console page, click on Apps > Web & Mobile Apps.
- Click Add App > Add custom SAML app.
- Name the app “Gladly” and click Next.
- Download the IDP metadata file.
- Log into Gladly, click the Menu icon on the top left corner, and click Settings > Single Sign-On.
- Toggle Use SSO (toggle is green) to activate SSO.
- Click Paste metadata, then paste the metadata you downloaded from G Suite into the metadata field. Click Save.
- Go back to Google Admin Console and click Continue.
- Set the ACS URL, which can be found on the Single Sign-On settings page.
- Set Entity ID/Metadata URL, which can be found on the Single Sign-On settings page.
- Keep clicking Continue; all other settings should be left to the default setting.
- When you are done, follow Turn on your SAML App directions to grant the users access to SSO. Then, make sure to add users to Gladly so they receive an invitation to access Gladly via SSO.
If you get a 403 app_not_enabled_for_user, error this means the user account doesn’t have permission in Google Workspace, even if it has been granted in Gladly. Do the following to fix this error.
- From the Google Workspace Admin console homepage, go to Apps > Web > Mobile Apps.
- Find Gladly in the app list and click it to open the Settings page.
- Click User access.
- Turn the app On for everyone in the organization who needs access to Gladly.