Who can do this?
Signal: Contact Tracking
Signal: New Hires & Promotions

UserGems offers SAML 2.0 authentication for Enterprise customers. It is not limited to specific providers; any provider that supports SAML 2.0 is supported. SAML authentication gives customers complete control over access to UserGems from their identity provider (IdP). If customers add users to the UserGems application within their SSO provider, those users will be able to log in directly to UserGems. The same applies to disabling users; when users are deactivated in the SSO provider, they will lose access to UserGems.

We will go through the setup process with Microsoft as an example (the same concept works for Google, Okta and other providers). 

Configuration of SSO

Once you have access to the feature (available in our Enterprise package) you can access it via the navigation in the top right:

The first step is to configure certificates and metadata. Make sure you are an Administrator in your company and have access to the SSO configuration from your Identity Provider (IdP). Let's choose the IdP first (Microsoft Azure in our case): 

Once we click “Continue” we will get all the required information that needs to be added to Microsoft:

Within Microsoft, go to Microsoft Entra ID, select Enterprise applications, and click “New application”:

On the next screen, select “Create your own application,” give it a meaningful name such as “Usergems Application - SSO” and click “Create”:

As soon as your new application is created, you will be able to add all the details from Step 2 (URLs which were shown on the UserGems platform). To enter the URLs, go to “Single sign-on” in the navigation and select SAML as the method:

This will open up the following screen where you can edit the Basic SAML configuration and add the URLs:

By default, your SSO application will not allow any users to log in to UserGems. You therefore have to add the specific users or groups that should be able to log in to UserGems to the application; these are typically members of your go-to-market team (Sales, Marketing, Customer Success, & Operations). This is done via “Assign users and groups”:

This will lead to the next screen, where you can see all users/groups that are allowed to log in via this application. You can add more users or groups with “Add user/group”. We have added a user called “Access”, which is allowed to log in to UserGems.

You can now continue with the setup of UserGems. Download the metadata.xml file from Microsoft and upload it to UserGems. All fields on the screen will automatically be populated with the correct values if you upload the correct file. If values are not automatically populating, please create a support ticket and include your metadata.xml as well as the provider you are using. 

Press “Save & Continue” to get to the next screen.

Now that you have set up the configuration for SSO, you can test it by enabling it. This will create a company-specific test URL to try out the new authentication with your IdP. Enter the shown URL into your browser.

You should automatically be redirected to the authentication provider (in our case Microsoft). Enter your username and password, and you will automatically be signed up (if you don't have an account yet) or logged in (if you already have an account matching your email address).

A UserGems user was automatically created and is now able to log in to your UserGems account.