The aim of this guide is to:
1) Get admin users setup with single sign on
2) Understand how SAML SSO will differ from normal authentication on an account
SAML SSO allows users to register and log-in to a GatherContent account using their idP (e.g. Microsoft Azure, Google Suite)
When SAML SSO is enabled for an account, new users will be able to join the account simply by belonging to the organisation's idP.
This means users using SSO will no longer need to be manually invited to the account, unlike with regular passworded authentication.
GatherContent offers support for SP-initiated flow only with HTTP POST binding. You should configure HTTP POST bindings in the idP metadata.
GatherContent requires that the following attribute claims be sent when a user logs in:
Setup SSO within GatherContent
- Go to Account Settings
2. Click on the SSO tab
If you are unable to see the SSO tab, the feature may not be available on your plan or may have been disabled for your account. Please contact customer support, in this case, who will be happy to help look into this for you.
3. Click Setup SSO
4. Copy the information in the following fields that appear, and input those into the idP:
Field A) Service Provider ACS URL
Field B) Service Provider Identifier
Customise the login button text
This is the text that users will see on the login screen when logging into GatherContent via SAML SSO.
For example, you could change the login button text to Login with SAML SSO e.g…
Default user role
This is the default role that is applied to new registrants when they register on GatherContent via SAML SSO. Users can still be updated from inside the GatherContent account via the People & Groups pages.
Once all the fields are set, click Validate SAML settings.
This will attempt to log your user in with the settings provided, by first redirecting you to your Microsoft Azure portal. If a successful login is detected, the user will be able to turn on SSO for the account, this will then;
- Require all users to login with SAML SSO from this point forward
- Send an email to all existing users in the account, notifying them that SAML SSO has been enabled
- Allow users to register via their idP to the account.
Disabling SAML SSO
If an account has SAML SSO enabled, it can be disabled by visiting the Account Settings page and navigating to the SAML SSO tab.
From here a 'Turn off SAML SSO' button will be visible.
When SAML SSO is disabled for an account this will;
- Require all users who do not have a password to set a password
- Automatically send an email to all existing users, notifying them that SAML SSO has been disabled for the account
- Log users out and require that they log in with their username and password