SAML and OAuth are security standards for logging into applications. Single Sign On (SSO) allows users to log into many applications or websites via one set of login details.
When enabling SSO, you'll have to restrict your emails to a maximum of two domains but ideally just one (e.g. my-company.com). This ensures that all emails of these domains (email@example.com) will be authenticated by your SSO.
Benefits of using SSO include:
Increased security and less risk of accounts being compromised
Reduced password fatigue or forgetfulness from managing different user name and password combinations
Reduced time spent entering passwords
Simplified authentication by using your known system across your company
Identity Providers (IdP) supported by Geckoboard
Geckoboard SSO works with all popular Identity Providers (IdP) that support the SAML protocol, including Okta, OneLogin, Microsoft Azure AD, etc.
Setting up a SSO access for your Geckoboard account
Your Account Owner can request SSO by getting in touch with our team. Once enabled, all users in the organization must use SSO to log in.
Your email address in Geckoboard must exactly match your email address used for SSO. For example, if your
firstname.lastname@example.org in Geckoboard, but
email@example.com with your SSO provider, you won’t be able to log in with SSO. If this is the case, let us know and we can make the change.
We can also support organizations whose users have email addresses that span multiple domains.
Logging in to Geckoboard with SSO
If you have SSO enabled on your Geckoboard account, you'll need to login using the Sign in with SSO button.
Or login directly via https://app.geckoboard.com/sso.
For security reasons, when you login with SSO, the cookie you're issued is only valid for 24 hours, after which you must log in again. Each 24-hour session is tied to each device you use to login with.
Disabling SSO access
Your Account Owner can request to disable SSO for your organization by getting in touch with our team.
When SSO is removed from an organization, any users who were in the account prior to SSO being enabled will be able to log in using their old password. Any users added to the account after SSO was enabled will need to go through the reset password flow.
Removing users from SSO
The usual offboarding flow is to delete a user from the SSO provider. However, because sessions for logged in users through SSO remain usable for a maximum of 24 hours, offboarding can be sped up by deleting the user from Geckoboard first. This will terminate the session immediately, so by the time the user is deleted from the SSO provider a potential session has been expired and new sessions will be prevented.