# Authentication - Pwdless & SSO ## Overview Gomboc provides 2 different ways for authenticating users:
MethodHow it worksRequirements
Passwordless
  1. Users login with their email address
  2. They will receive an email with a 6-digits code, to insert on Gomboc login page
  1. Invite the users to your Gomboc Org (see /pages/4UOWOlsPORjf034RX81H)
SSO
  1. Users login with their email address
  2. They will be redirected to your IdP (e.g. Okta, Google Workspace)
  3. Upon authentication, they will be redirected to Gomboc
  1. Create a SAML app in your IdP for Gomboc (see below for guidance)
  2. Configure the SSO connection in the Gomboc Portal
*** ## SSO Configuration Gomboc provides an easy to follow configuration wizard for setting up an SSO connection to your Identity Provider. **Note**: the following admin-level permissions are required in your Company's IT systems: * IdP: Creation of a custom SAML application * DNS: Creation of a TXT record When ready, follow these steps to configure SSO for authenticating to Gomboc ### Step 1: Configure your IdP (Create SAML App) 1. Login to app.gomboc.ai (through the Magic Link sent to your email) 2. Click on your account on the top right > Settings
3. Click on SSO on the left sidebar > Setup SSO Connection:
4. Select your IdP and follow the wizard to create a SAML app:
5. On "Create SAML Application": use the following parameters (they are also mentioned in the configuration wizard): 1. ACS URL: 2. Entity ID: gomboc 3. Name ID format: EMAIL 4. Name ID: Primary Email 6. On "Fill Attribute Statements": leave as-is, it's optional (you can configure groups later if needed) 7. Enable the SAML App in your IdP and download the Metadata in xml 8. Upload the Metadata obtained in the previous step from your IdP in the Gomboc SSO configuration wizard 9. Confirm and Continue to next step (claim domain) ### Step 2: Claim Domain 1. Once the IdP configuration is completed, insert your company's domain under "Claim Domain" in the SSO Configuration Wizard and click Proceed:
2. Create a new TXT record in your company's DNS, inserting the Name and Value from the wizard:
### Step 3: Manage Authorization (Default Roles) Once the domain is validated, the next and final step is for managing authz and assigning roles to your new users. 1. By default there are 2 roles - Admin and Read-Only; select the one you want to assign by default to every new user logging in to Gomboc and click Done:
### Step 4: Group Mapping to Roles (Optional) It is possible to automatically assign the Admin or Read-Only role to your IdP Groups. * Note: By default the groups that the user passes from the IdP are being checked only upon user creation / first login via SSO to Gomboc For the mapping to work, follow these steps: 1. Configure the Role Mapping on your IdP SAML Application (here below an example from Google Workspace)
2. In the SSO configuration of the Gomboc Admin portal, map the groups that your users will be passing to corresponding roles in your application:
3. Click "Done" ### Step 5: Turn On SSO Connection 1. Once the SSO Configuration Wizard is completed, make sure to turn on the recently created SSO connection
## Contact Support If you encounter any issues or need further assistance, please contact our support team: E-mail: **** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.gomboc.ai/configuration/authentication-pwdless-and-sso.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.