Authentication - Pwdless & SSO
Last updated
Last updated
Gomboc provides 2 different ways for authenticating users:
Passwordless
Users login with their email address
They will receive an email with a 6-digits code, to insert on Gomboc login page
SSO
Users login with their email address
They will be redirected to your IdP (e.g. Okta, Google Workspace)
Upon authentication, they will be redirected to Gomboc
Create a SAML app in your IdP for Gomboc (see below for guidance)
Configure the SSO connection in the Gomboc Portal
Gomboc provides an easy to follow configuration wizard for setting up an SSO connection to your Identity Provider.
Note: the following admin-level permissions are required in your Company's IT systems:
IdP: Creation of a custom SAML application
DNS: Creation of a TXT record
When ready, follow these steps to configure SSO for authenticating to Gomboc
Login to app.gomboc.ai (through the Magic Link sent to your email)
Click on your account on the top right > Settings
Click on SSO on the left sidebar > Setup SSO Connection:
Select your IdP and follow the wizard to create a SAML app:
On "Create SAML Application": use the following parameters (they are also mentioned in the configuration wizard):
Entity ID: gomboc
Name ID format: EMAIL
Name ID: Primary Email
On "Fill Attribute Statements": leave as-is, it's optional (you can configure groups later if needed)
Enable the SAML App in your IdP and download the Metadata in xml
Upload the Metadata obtained in the previous step from your IdP in the Gomboc SSO configuration wizard
Confirm and Continue to next step (claim domain)
Once the IdP configuration is completed, insert your company's domain under "Claim Domain" in the SSO Configuration Wizard and click Proceed:
Create a new TXT record in your company's DNS, inserting the Name and Value from the wizard:
Once the domain is validated, the next and final step is for managing authz and assigning roles to your new users.
By default there are 2 roles - Admin and Read-Only; select the one you want to assign by default to every new user logging in to Gomboc and click Done:
It is possible to automatically assign the Admin or Read-Only role to your IdP Groups.
Note: By default the groups that the user passes from the IdP are being checked only upon user creation / first login via SSO to Gomboc
For the mapping to work, follow these steps:
Configure the Role Mapping on your IdP SAML Application (here below an example from Google Workspace)
In the SSO configuration of the Gomboc Admin portal, map the groups that your users will be passing to corresponding roles in your application:
Click "Done"
Once the SSO Configuration Wizard is completed, make sure to turn on the recently created SSO connection
If you encounter any issues or need further assistance, please contact our support team:
E-mail: support@gomboc.ai
Invite the users to your Gomboc Org (see )
