Gomboc User Docs
  • Welcome
  • Getting Started
    • Access & Log in
    • Initial Set up
    • Free Trial Setup Guide
  • Integrations
    • Domains & IPs
    • Cloud Security Posture Management (CSPM)
      • Orca Security
      • Wiz
    • Source Code Management (SCM)
      • Azure Devops
      • GitHub
      • GitLab
      • BitBucket
    • VSCode Plugin
  • API
  • Configuration
    • Browser Settings
    • Authentication - Pwdless & SSO
    • User Management
  • Remediation Process
  • Security Status
  • Scan Results
  • Troubleshooting
  • Data Architecture & Flows
  • Glossary
Powered by GitBook
On this page
  • Overview
  • SSO Configuration
  • Step 1: Configure your IdP (Create SAML App)
  • Step 2: Claim Domain
  • Step 3: Manage Authorization (Default Roles)
  • Step 4: Group Mapping to Roles (Optional)
  • Step 5: Turn On SSO Connection
  • Contact Support
Edit on GitHub
  1. Configuration

Authentication - Pwdless & SSO

PreviousBrowser SettingsNextUser Management

Last updated 7 months ago

Overview

Gomboc provides 2 different ways for authenticating users:

Method
How it works
Requirements

Passwordless

  1. Users login with their email address

  2. They will receive an email with a 6-digits code, to insert on Gomboc login page

SSO

  1. Users login with their email address

  2. They will be redirected to your IdP (e.g. Okta, Google Workspace)

  3. Upon authentication, they will be redirected to Gomboc

  1. Create a SAML app in your IdP for Gomboc (see below for guidance)

  2. Configure the SSO connection in the Gomboc Portal

SSO Configuration

Gomboc provides an easy to follow configuration wizard for setting up an SSO connection to your Identity Provider.

Note: the following admin-level permissions are required in your Company's IT systems:

  • IdP: Creation of a custom SAML application

  • DNS: Creation of a TXT record

When ready, follow these steps to configure SSO for authenticating to Gomboc

Step 1: Configure your IdP (Create SAML App)

  1. Login to app.gomboc.ai (through the Magic Link sent to your email)

  2. Click on your account on the top right > Settings

  3. Click on SSO on the left sidebar > Setup SSO Connection:

  1. Select your IdP and follow the wizard to create a SAML app:

  1. On "Create SAML Application": use the following parameters (they are also mentioned in the configuration wizard):

    2. Entity ID: gomboc

    3. Name ID format: EMAIL

    4. Name ID: Primary Email

  2. On "Fill Attribute Statements": leave as-is, it's optional (you can configure groups later if needed)

  3. Enable the SAML App in your IdP and download the Metadata in xml

  4. Upload the Metadata obtained in the previous step from your IdP in the Gomboc SSO configuration wizard

  5. Confirm and Continue to next step (claim domain)

Step 2: Claim Domain

  1. Once the IdP configuration is completed, insert your company's domain under "Claim Domain" in the SSO Configuration Wizard and click Proceed:

  1. Create a new TXT record in your company's DNS, inserting the Name and Value from the wizard:

Step 3: Manage Authorization (Default Roles)

Once the domain is validated, the next and final step is for managing authz and assigning roles to your new users.

  1. By default there are 2 roles - Admin and Read-Only; select the one you want to assign by default to every new user logging in to Gomboc and click Done:

Step 4: Group Mapping to Roles (Optional)

It is possible to automatically assign the Admin or Read-Only role to your IdP Groups.

  • Note: By default the groups that the user passes from the IdP are being checked only upon user creation / first login via SSO to Gomboc

For the mapping to work, follow these steps:

  1. Configure the Role Mapping on your IdP SAML Application (here below an example from Google Workspace)

  1. In the SSO configuration of the Gomboc Admin portal, map the groups that your users will be passing to corresponding roles in your application:

  1. Click "Done"

Step 5: Turn On SSO Connection

  1. Once the SSO Configuration Wizard is completed, make sure to turn on the recently created SSO connection

Contact Support

If you encounter any issues or need further assistance, please contact our support team:

E-mail: support@gomboc.ai

Invite the users to your Gomboc Org (see )

ACS URL:

https://auth.app.gomboc.ai/auth/saml/callback
User Management