Single Sign-On is a means for users of a Go1 Platform to sign in to their account using existing account details from a compatible platform.
Why SSO?
Strengthened security
Usernames and passwords are the main target of cybercriminals. Every time a user logs in to a new application, it’s an opportunity for hackers.
SSO reduces the number of potential attacks because users only log in once each day and only use one set of credentials. Reducing login to one set of credentials improves security.
Improved usability for all users
Requiring separate usernames and passwords for each app can be a cognitive burden for employees and impact productivity. Single sign-on reduces that cognitive burden.
Seamless user access between systems
With only a few clicks, users are able to jump between systems to the Go1 Platform without barriers.
Setting up SSO
Before you begin, we suggest involving your IT department to support you in enabling SSO. If you have questions, read our Single Sign-On FAQ page or check in with your Implementation Project Manager.
Prep work
Your SSO team will need to set up part of the SSO connection on your SSO platform (Identity Provider) prior to completing the steps below in your Go1 platform.
Your connection will need a Post back URL and Entity ID. These will be generated by Go1 after you have connected your SSO to your Go1 platform (see below).
The following user attributes need to be configured in your Identity Provider. Please note that ALL of the attributes below need to be set up, even though there is some duplication.
Connect your SSO to Go1
Log in to an administrator account on your Go1 Platform.
Access the Integrations page by clicking your avatar from the top-right navigation, followed by Integrations.
Select from the left-hand menu the tab: Single Sign-on
From the Single sign-on settings, check the box: Enable Single sign-on
After checking the box, complete the fields with the information provided from your Identity Provider setup. Note that some fields are optional.
Login URL: copy from your SSO setup on your Identity Provider.
X.509 Certificate: copy from your SSO setup on your Identity Provider. Please note that the ‘Begin Certificate’ and ‘End Certificate’ header and footer must be included. (This is the public X.509 certificate: the SAMLP server public key encoded in PEM or CER format.)
Logout URL: Choose where to direct users when they log out of the Go1 platform. If you set it here, please leave it blank in Settings > Portal information.
Entity URL: Generated by Go1; this will populate once you have submitted this page successfully.
Field Mapping: Fields sent to Go1 must exactly match the fields we are expecting (see the attributes table above). If these cannot be mapped in your Identity Provider setup, you can optionally add them here.
Accept Requests from IdP-initiated SSO Behavior: Check this box if you want to have users access Go1 via your identity provider.
Select Submit to create a connection with Go1.
After selecting submit, you will see the Post back URL and Entity ID fields appear. Go to the next section to complete the SSO setup.
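A pre-flight check for the X.509 Certificate field described above, as an added example that is not Go1's own code: it confirms the header and footer are present, that no private key was pasted by mistake, and that the body decodes to one complete DER structure, then returns a SHA-256 fingerprint to compare with the one your Identity Provider displays. The function names and the sample bytes are constructed for illustration, and the single-certificate check is an assumption.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_sequence_is_complete(der):
    """True if the bytes are exactly one DER SEQUENCE (the outer shape of a certificate)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long-form: low 7 bits = number of length bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def check_certificate_field(text):
    """Return (problems, sha256_hex) for text about to be pasted as the certificate."""
    problems = []
    if "PRIVATE KEY-----" in text:
        problems.append("private key material present; paste only the public certificate")
    certs = [body for label, body in PEM_BLOCK.findall(text) if label == "CERTIFICATE"]
    if not certs:
        problems.append("missing BEGIN CERTIFICATE / END CERTIFICATE header and footer")
        return problems, None
    if len(certs) > 1:                      # assumption: the field takes a single certificate
        problems.append("more than one certificate block found")
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError:
        problems.append("certificate body is not valid base64")
        return problems, None
    if not der_sequence_is_complete(der):
        problems.append("decoded body is not one complete DER structure (truncated paste?)")
    # Compare this with the fingerprint your Identity Provider shows for its signing certificate.
    return problems, hashlib.sha256(der).hexdigest()

# Constructed placeholder: DER-shaped bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_certificate_field(SAMPLE_PEM))
```

An empty problem list only means the paste is structurally intact; the fingerprint comparison is what confirms it is the certificate your Identity Provider actually signs with.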
Amend your Identity Provider with metadata from the Go1 connection
Copy the Post back URL (1) and Entity ID (2) to your Identity Provider settings.
If your Identity Provider requires more information, select (3) to get the metadata of the Go1 connection.
If your system requires a Post back URL and Entity ID before creating a connection, you can create these manually following this format.
Post back URL: https://go1web.auth0.com/login/callback?connection=<PORTALNAME>-mygo1.com
Entity ID: urn:auth0:go1web:<PORTALNAME>-mygo1-com
IMPORTANT: SSO configuration only applies to users with a SAML Identity Provider, not OAuth or Auth0.
Customising your SSO sign-up button
Administrators can also customise the button text that displays on your Go1 Platform's sign-in page, which by default says "Login with Identity Provider".
Type the text into the field provided to see a preview and then click Save to apply that change.
Please note, in some instances, custom configuration may be required on Go1’s authorisation platform Auth0. Please speak to your Implementation Project Manager or Go1 support before making changes to your SSO once set up.
Final configurations
Once your connection is successfully configured and tested you may also choose to enable/disable two additional settings that can be found under the Go1 platform Settings page.
To find these go to your avatar in the top right-hand corner > choose Settings > choose Configuration from the left-hand menu > under Enabled Applications you will see the following:
Hide login with email option
This makes SSO the only option to access your Go1 platform and auto-redirects users to SSO login.
Disallow Register via SSO
Go1 enables just-in-time provisioning by default on all SSO connections. This can be disabled here.