Manuals
Configure Single Sign-On (SSO) via SAML
You can give customers the ability to authorize using SSO (Single Sign-On) — a single sign-on technology with which a user can log in to a personal account using a corporate account.
To implement the technology, our systems use the SAML 2.0 XML protocol which is an open standard for the secure exchange of authentication and authorization data between the corporate identity provider (IdP) and the service provider (SP) of Gcore.
To allow your users to log in using SSO, in the Admin Portal:
1. Go to the “Authorization” tab.
2. In the “Login options” section, activate the “SSO Login” authorization method.
3. In the “Provider” section, enter your provider information.
Activate “Force redirect to the Identity provider” if desired. If this option is enabled the user only has to enter a username and password to log in. If it is disabled the user has to enter the corporate domain additionally.
4. Using the checkboxes at the bottom, select the type of account for entering using the SSO — customer’s one, administrator’s one, or both.
2. This step will appear if you have not activated the “Force redirect to the Identity provider” option. If you have done, it will not appear.
Enter the corporate domain for which SSO authorization is connected and click “Sign in with SAML SSO”.
3. Enter your username and password and log in.
2. This step will appear if you have not activated the “Force redirect to the Identity provider” option. If you have done, it will not appear.
Enter the corporate domain for which SSO authorization is connected and click “Sign in”.
3. Enter your username and password and log in.
Configuring SSO in the Admin Portal
| Field | Description |
| Name | Your identity provider name. You can specify any name, the data from this field will be displayed only in the Admin Portal and do not affect the SSO settings. |
| Entity ID | Unique URL for the connection to the identity provider. Provided by the IdP. |
| Domains | The list of domain names will be used to redirect to the identity provider page for authorization via SSO. |
| SAML metadata | XML file with the identity provider metadata. Provided by the IdP. |
Data for the identity provider
After entering the identity provider information on the Gcore side, enter the Gcore information in the identity provider settings. All necessary metadata is available by link: https://api.gcore.com/iam/auth/saml2/metadata. If you use a self-signed SSL certificate, you must enable the use of such certificates in the settings of the identity provider.Authorization via SSO in the customer’s Customer Portal
1. Click “Sign in with SAML SSO”.Authorization via SSO in the Admin Portal
1. Click “Sign in with SAML SSO”.Supporting IDP-Initiated Login
In cases where the identity provider (IdP) initiates the login, specific configurations are necessary to ensure the redirection flow functions correctly. While our implementation primarily supports service provider (SP)-initiated login, IdP-initiated login can also be accommodated with the following adjustments: 1. Redirect to SP login endpoint: Configure the IdP to redirect login requests to the Gcore Service Provider endpoint:auth.gcore.com. If you have a custom domain, use the custom domain URL: auth.example.com.
2. Update Gcore Customer Portal settings: Ensure the “SSO Login” authorization method is active and properly configured to process incoming requests from the identity provider (IdP). If desired, you can enable the option to force redirects to the IdP for seamless authentication.
3. Modify IdP settings: Configure the IdP to require SP-initiated login. This ensures that when users attempt to log in from the IdP, they are redirected to the Gcore portal login URL (e.g., auth.gcore.com or auth.example.com) before the IdP completes authentication.
4. Verify redirect flow: Confirm that the login process follows these steps:
- The user clicks “Login to Gcore Customer Customer Portal” on the IdP.
- The request is redirected to auth.gcore.com or auth.example.com.
- The user is then redirected back to the IdP for authentication.
- After successful authentication, the user is logged into the Gcore Customer Portal with the appropriate domain settings applied.