Configuring Single Sign-on (SSO) in Gridly
Table of contents:
- What is SSO?
- Creating a SAML configuration
- Enforcing SSO for your company
- Excluding members from SSO enforcement
- Managing domains
Only Owner or custom Company roles with the Manage security privilege can configure SSO. Learn more in this article: Permission overview.
Before adding your SSO metadata (sign-in URL) in Company Settings, you need to first retrieve it from your SSO identity provider. Refer to these articles:
What is SSO?
Single Sign-on (SSO) allows Gridly users to log in to Gridly via an identity provider (IdP) of their choice. This allows admin users to better manage team access and keeps information secure.
Gridly supports multiple SAML configurations, allowing you to connect different email domains to different identity providers. This is useful for organizations that manage multiple brands, subsidiaries, or teams with different SSO requirements.
Creating a SAML configuration
- On the Gridly Homepage, select Company settings in the left-hand side menu.
- Select Security from the side panel.
- In the Single Sign On (SSO) section, click Add in the Configuration list tab.

- In the SAML configuration dialog, enter a name and description for your configuration.
- Copy the ACS URL and SP metadata URL by clicking the Copy link button next to each URL, then paste them into the SAML settings in your identity provider application.
- Under Identity Provider (IdP) metadata, choose how to provide your IdP information:
  - Input URL: Enter the IdP metadata URL that you retrieved from your SSO identity provider (Okta or Microsoft Entra ID).
  - Upload XML file: Upload the XML metadata file from your identity provider.
- Click Save.

Your SAML configuration is now created and will appear in the configuration list.

Enforcing SSO for your company
After creating at least one SAML configuration, you can enforce SSO for your company. When you enforce SSO, all members of the company must authenticate through your IdP to access the company.
To enforce SSO, enable the Enforce SSO for this organization toggle.

When SSO enforcement is enabled, the enforcement rules apply to all active SAML configurations. Users are required to authenticate through SSO based on the domains you've specified in the Domains tab.
Excluding members from SSO enforcement
You can exclude specific members from SSO enforcement. Excluded members can log in using their email and password instead of being required to use SSO.
To exclude members:
- Click the Users tab under Single Sign On (SSO).
- Select a member from the dropdown.
- Click Add.

The member will appear in the excluded users list. To remove a member from the exclusion list, click the icon next to their name.
Users not listed in the exclusion list must sign in using SSO when enforcement is enabled.
Managing domains
The Domains tab allows you to specify which email domains require SSO authentication:
- When the domain list is empty: SSO enforcement applies to all email domains.
- When you add specific domains: SSO is only enforced for those domains.
To add domains:
- Click the Domains tab under Single Sign On (SSO).
- Enter an email domain in the Input domain name field.
- Click Add.

The domain will appear in the list. To remove a domain, click the icon next to it.
Users with email addresses matching the listed domains will be required to authenticate through SSO when enforcement is enabled. If no domains are specified, SSO applies to all users in your company.