Skip to main content
All CollectionsIntegrationsSingle sign on (SSO)
Single Sign-On | Benefits and set up guide
Single Sign-On | Benefits and set up guide

Set up an SSO connection to your Go1 Platform with your SAML Identity Provider.

Updated today

Single Sign-On is a means for users of a Go1 Platform to sign in to their account using existing account details from a compatible platform.

Why SSO?

  • Strengthened security

    Usernames and passwords are the main target of cybercriminals. Every time a user logs in to a new application, it’s an opportunity for hackers.

    SSO reduces the number of potential attacks because users only log in once each day and only use one set of credentials. Reducing login to one set of credentials improves security.

  • Improved usability for all users

    Requiring separate usernames and passwords for each app can be a cognitive burden for employees and impact productivity. Single sign-on reduces that cognitive burden.

  • Seamless user access between systems

    With only a few clicks, users are able to jump between systems to the Go1 Platform without barriers.

Setting up SSO

Before you begin, we suggest involving your IT department to support you in enabling SSO. If you have questions read our Single Sign-On FAQ page or check in with your Implementation Project Manager.

Prep work

Your SSO team will need to set up part of the SSO connection on your SSO platform (Identity Provider) prior to completing the steps below in your Go1 platform.

Your connection will need a Login URL and Entity ID, these will be generated by Go1 after you have connected your SSO to your Go1 platform (see below).

You'll also need to set the Default RelayState, This is optional; if you want to support the IDP-initiated flow, enter the following - replacing the {customer-portal-id} with an ID the Go1 team will supply for you:

identity_provider=saml-{customer-portal-id}&client_id=33hckk53i9d9hn55djs3j1hk5&scope=openid&response_type=code&redirect_uri=https://api.go1.co/sso/saml/cognito-callback/ap-southeast-2_oZpTmvPtK

The following user attributes need to be configured in your Identity provider. Please note ALL below attributes need to be set up.

Configure Go1 connection for your Identity Provider

Copy information from your IDP into the Go1 Single sign-on configuration screen

Okta

Create a SAML app in Okta

  1. Open the Okta Developer Console (You need to have admin access)

  2. In the navigation menu, expand Applications, and then choose Applications.

  3. Choose Create App Integration.

  4. In the Create a new app integration menu, choose SAML 2.0 as the Sign-in method.

  5. Choose Next.

Configure SAML integration for your Okta app

  1. On the Create SAML Integration page, under General Settings, enter a name for your app.

  2. (Optional) Upload a logo and choose the visibility settings for your app.

  3. Choose Next.

  4. Under GENERAL, for Single sign on URL (Vendor - Reply URL (Assertion Consumer Service URL) for some other idps other than OKTA), enter

    https://auth-go1-sso-user-pool-prod-1.auth.ap-southeast-2.amazoncognito.com/saml2/idpresponse

  5. For Audience URI (SP Entity ID) (Vendor - Identifier (Entity ID) for some other idps other than OKTA), enter

    urn:amazon:cognito:sp:ap-southeast-2_oZpTmvPtK

  6. For Default RelayState, This is optional; if you want to support the IDP-initiated flow, enter

    identity_provider=saml-{customer portal id}&client_id=33hckk53i9d9hn55djs3j1hk5&scope=openid&response_type=code&redirect_uri=https://api.go1.co/sso/saml/cognito-callback/ap-southeast-2_oZpTmvPtK

  7. Under ATTRIBUTE STATEMENTS, add a statement with the following information:

  • Login URLSign on URL in Okta

  • X.509 CertificateSigning Certificate in Okta

  • Entity IDIssuer in Okta

  • Logout URLSign out URL in Okta

Connect your SSO to Go1

  1. Log in to an administrator account on your Go1 Platform.

  2. Access the Integrations page by clicking your avatar from the top-right navigation, followed by Integrations.

  3. Select from the left-hand menu the tab: Single Sign-on

  4. From the Single sign-on settings, check the box: Enable Single sign-on

After checking the box, complete the fields with the information provided from your Identity Provider setup, note some are optional.

  • Login URL: Copy from Go1 and use this URL to set up SSO on your Identity Provider: https://auth-go1-sso-user-pool-prod-1.auth.ap-southeast-2.amazoncognito.com/saml2/idpresponse

  • x.509 Certificate: copy from your SSO set up on your Identity Provider, please note this requires the ‘Begin Certificate’ and ‘End Certificate’ header and footer included. (public X509 Certificate - SAMLP server public key encoded in PEM or CER format)

  • Logout URL: Choose where to direct users when they logout of the Go1 platform. If setting here please leave blank in Settings > Portal information.

  • Entity URL: Generated by Go1, this will populate once you have submitted this

  • Accept Requests from IdP-initiated SSO Behavior: Check this box if you want to have users access Go1 via your identity provider.

  • page successfully

  • Field Mapping: Fields sent to Go1 must match exactly the fields we are expecting, see the attributes table above. If these cannot be mapped in your Identity Provider set up you can optionally add here. For example:

{"email":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"family_name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
"given_name":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"}

Select Submit to create a connection with Go1. After selecting submit, you will see the Post back URL and Entity ID fields appear. Go to the next section to complete the SSO setup.

Customising your SSO sign-up button

Administrators can also customise the button text that displays on your Go1 Platform's sign-in page, which by default says "Login with Identity Provider".

Type the text into the field provided to see a preview and then click Save to apply that change.

Please note, in some instances, custom configuration may be required on Go1’s authorisation platform Auth0. Please speak to your Implementation Project Manager or Go1 support before making changes to your SSO once set up.

Final configurations

Once your connection is successfully configured and tested you may also choose to enable/disable two additional settings that can be found under the Go1 platform Settings page.

To find these go to your avatar in the top right-hand corner > choose Settings > choose Configuration from the left-hand menu > under Enabled Applications you will see the following:

  • Hide login with email option

    • This makes SSO the only option to access your Go1 platform and auto-redirects users to SSO login.

  • Disallow Register via SSO

    • Go1 enables just-in-time provisioning by default on all SSO connections, this can be disabled here.

Related Articles
Setting up certificates
Setting up your Go1 Microsoft Search integration | Part 1
Portal Notification Settings
Single Sign-On FAQ
SCIM user provisioning and de-provisioning
Did this answer your question?