SSO requires an Enterprise-level subscription.
For easier, more secure access to your dashboards, Geckoboard provides Single Sign-On (SSO) via both OAuth (G Suite) and SAML (Okta, OneLogin, Microsoft Entra ID, and more).
SAML and OAuth are security standards for application authentication. SSO allows users to log in to multiple applications or websites with a single set of login credentials.
Benefits of using SSO include:
Increased security and less risk of accounts being compromised
Reduced password fatigue or forgetfulness from managing different user names and password combinations
Reduced time spent entering passwords
Simplified authentication by using your known system across your company
Identity Providers (IdP) supported by Geckoboard
Geckoboard SSO works with all popular Identity Providers (IdPs) that support the SAML protocol, including Okta, OneLogin, Microsoft Entra ID, and more.
Accessing your Geckoboard account
Once enabled, all users in the organization must use SSO to access the account.
Your email address in Geckoboard must exactly match your email address used for SSO. For example, if your email is name@example.com in Geckoboard, but fullname@example.com with your SSO provider, you won’t be able to log in with SSO and will need to update your email addresses to match.
Logging in to Geckoboard with SSO
From the Login page, sign in to Geckoboard using the Sign in with SSO button.
Logging into Geckoboard from Okta, Azure, or other IdP login apps or shortcuts is currently not supported.
SSO session length
For security reasons, when you log in with SSO, the cookie you're issued is only valid for 24 hours, after which you must log in again. Each 24-hour session is tied to each device you use to log in with.
Disabling SSO access
Your Account Owner can request that SSO be disabled for your organization if needed.
When SSO is removed from an organization, users who were on the account before SSO was enabled can log in with their old password. Users added to the account after SSO was enabled will need to go through the reset password flow.
Removing users from SSO
The common offboarding flow for removing a user from SSO is to delete the user from the IdP. However, because sessions for logged-in users through SSO remain usable for a maximum of 24 hours, offboarding can be sped up by deleting the user from Geckoboard first.
This will terminate the session immediately, so by the time the user is deleted from the IdP, a potential session has expired, and new sessions will be prevented.
Troubleshooting SSO login issues
If you're trying to log in with SSO and can't, there are a few common reasons for this and solutions:
You have not been invited yet to your organization account: If you have not been invited to your organization's Geckoboard account yet, an admin or owner must invite you first within Geckoboard, even to use SSO.
Your organization does not have SSO enabled: If your team is not using SSO yet, you will need to use your email address and password to access your account. If you're not sure which credentials to use, check with the team member who invited you.
You are using the incorrect account to sign in: The SSO account email address you use to sign in to Geckoboard must match the email address you were invited to Geckoboard with. If there is a mismatch, you will not be able to log in. Make sure the SSO account you're using to sign in matches the email for your Geckoboard account.