We now support Enterprise Single Sign-On (SSO) functionality in Grabyo Studio, a significant enhancement designed to streamline access to the Grabyo platform. The implementation of SSO is aimed at enhancing the authentication experience, thereby facilitating more efficient and secure access to our platform.
Key Advantages of Enterprise SSO:
Streamlined Access: SSO enables users to access multiple applications using a single set of credentials, eliminating the need for multiple passwords and thereby enhancing user convenience.
Enhanced Security: The centralisation of authentication through your enterprise Identity Provider (IdP) reduces the likelihood of password-related security threats. Furthermore, it simplifies the management of user access, particularly in scenarios involving personnel changes, thereby ensuring a higher level of security integrity.
Compatibility: Grabyo integrates seamlessly with existing identity providers (IdP) that support the SAML protocol, ensuring compatibility with a wide range of popular enterprise systems and providers, including but not limited to Google Workspace and Microsoft Azure.
How to setup SSO
To enable SSO on your account, please reach out to your Customer Success Manager to request access. You will need:
Access to your Identity Provider (IdP) admin console
Ability to configure SAML 2.0 settings in your IdP
Steps to Configure SAML SSO
Log in to your Grabyo account and navigate to the ORGANIZATION page
Go to SECURITY
Get the ACS URL and ENTITY ID
Log in to your Provider's admin console
Create a new SAML 2.0 application integration
- Look for an option to add a new app or integrate a new service
- If prompted for a name, you can use GRABYO SSO
- When prompted to enter the ENTITY ID, copy/paste the value found in the Platform Manager
- When prompted to enter the ACS URL, copy/paste the value found in the Platform ManagerConfigure the SAML mapping settings
- Set up the attributes/claims to be sent in the SAML assertion.Grabyo requires Name ID to be the email address of the user.
Name ID Format → Email
Name ID → [Email address]
Grabyo also requires an “email” claim to match the email address of the user within the Grabyo platform (the claim should have no namespace associated with it; it should simply read “email”).
Download the IdP Metadata XML file
This XML contains crucial information about your IdP configuration
It typically includes details such as the IdP's entity ID, SSO URL, and public key certificate.
URL (Preferred): Copy the URL and provide it to Grabyo support to complete the integration.
📕 Note: Grabyo supports any SSO provider that supports SAML. Some examples are:
Steps to provide the Information to us
Once you have the IdP Metadata XML file:
Navigate back to the ORGANIZATION page > SECURITY
Upload the metadata XML file by going to the UPLOAD SAML CONFIGURATION button.
Steps to test the integration
After SSO has been configured in your account:
Switch on SSO for your own user in your account
Leave the user and password as on
Log out of Grabyo
You should now see a Login with Enterprise SSO button.
Use this button to verify that you can successfully authenticate using your IDP.
📕 Note: Important: This SAML SSO integration process does not enable auto-provisioning (SCIM). User accounts will still need to be created manually in the Grabyo platform (by Admins). SAML SSO only handles authentication, not user provisioning or deprovisioning.
Troubleshooting steps
The most common issue that may arise is due to the SAML mapping settings. If you cannot log in, please go back to step 5 and confirm that everything was set up correctly in your IDP.
✅ Tip: If issues continue to occur during this process or you have any questions, please don't hesitate to contact our support team within the in-platform live chat or at help@grabyo.com