All Collections
Your account
Account management
Single sign-on (SSO) in Geckoboard
Single sign-on (SSO) in Geckoboard

OAuth and SAML-based single sign-on (SSO) gives you access to Geckoboard through an identity provider (IDP).

Updated over a week ago

For easier and more secure access to your dashboards, Geckoboard provides Single Sign On (SSO) authentication via both OAuth (G Suite) and SAML (Okta, OneLogin, Microsoft Azure AD and more).

SAML and OAuth are security standards for logging into applications. Single Sign On (SSO) allows users to log into many applications or websites via one set of login details.

When enabling SSO, you'll have to restrict your emails to a maximum of two domains but ideally just one (e.g. my-company.com). This ensures that all emails of these domains (john@my-company.com) will be authenticated by your SSO.

Benefits of using SSO include:

  • Increased security and less risk of accounts being compromised

  • Reduced password fatigue or forgetfulness from managing different user name and password combinations

  • Reduced time spent entering passwords

  • Simplified authentication by using your known system across your company

Identity Providers (IdP) supported by Geckoboard

Geckoboard SSO works with all popular Identity Providers (IdP) that support the SAML protocol, including Okta, OneLogin, Microsoft Azure AD, etc.

Setting up a SSO access for your Geckoboard account

Your Account Owner can request SSO by getting in touch with our team. Once enabled, all users in the organization must use SSO to log in.

Your email address in Geckoboard must exactly match your email address used for SSO. For example, if your name@company.com in Geckoboard, but fullname@geckoboard.com with your SSO provider, you won’t be able to log in with SSO. If this is the case, let us know and we can make the change.

We can also support organizations whose users have email addresses that span multiple domains.

Logging in to Geckoboard with SSO

If you have SSO enabled on your Geckoboard account, you'll need to login using the Sign in with SSO button.

Login to Geckoboard via SSO

Or login directly via https://app.geckoboard.com/sso.

Logging into Geckoboard from Okta, Azure or other IdP's login apps is currently not supported.

For security reasons, when you login with SSO, the cookie you're issued is only valid for 24 hours, after which you must log in again. Each 24-hour session is tied to each device you use to login with.

Disabling SSO access

Your Account Owner can request to disable SSO for your organization by getting in touch with our team.

When SSO is removed from an organization, any users who were in the account prior to SSO being enabled will be able to log in using their old password. Any users added to the account after SSO was enabled will need to go through the reset password flow.

Removing users from SSO

The usual offboarding flow is to delete a user from the SSO provider. However, because sessions for logged in users through SSO remain usable for a maximum of 24 hours, offboarding can be sped up by deleting the user from Geckoboard first. This will terminate the session immediately, so by the time the user is deleted from the SSO provider a potential session has been expired and new sessions will be prevented.

Related Articles
Configure Azure to use SSO in Geckoboard
Configure Okta to use SSO in Geckoboard
Did this answer your question?