Skip to main content
All CollectionsAccount ManagementAccount Authentication Providers and Single Sign-On
Custom Single Sign-On (SSO) configuration overview
Custom Single Sign-On (SSO) configuration overview

Leverage Custom Single Sign-On for your Enterprise account. Here, you’ll find a configuration overview for this feature.

Updated over 3 weeks ago

❔Catch-up quick

Enterprise accounts can set up Custom SSO to integrate your account with your existing business systems, and tailor your identity and access management.

Use your existing Custom Single Sign-On (SSO) provider with your account when you leverage Custom SSO.

🗒️ Note: Custom SSO requires that you have an Enterprise account.

You'll need some specialized technical knowledge to set up Custom SSO. If you're unfamiliar with SSO set-up, or don't have a dedicated IT team, explore standard SSO.

Custom SSO supports authentication with SHA256 encryption. If your organization uses an SSO Identity Provider (IdP) other than those available through your account's standard SSO, you can use your preferred SSO provider with Custom SSO.

IdP-initiated SSO set-ups are not supported. If you'd prefer to use an IdP-initiated process, you can use the Bookmark App to simulate an IdP-initiated SSO setup.

Custom SSO supports multiple service provider end points, but they’ll need to be set up as different SSO codes.

Once you’ve confirmed that you can meet the configuration requirements, review the Custom SSO user management and log-in process to verify that the available Custom SSO offerings meet your needs.

Custom SSO configuration requirements

When configuring Custom SSO, GoFormz provides:

The client (IdP owner) must provide:

  • URL to metadata file, or

  • If hosted by GoFormz, the metadata file containing:

    • Assertion properties (i.e., firstname, lastname, and emailaddress)

    • Encrypted certificate

    • Entity ID

    • Signout and Signin URL's

Custom SSO user management

Custom SSO supports SAML 2.0 protocol for the creation and management of users and Groups. You'll also need to verify that the client IdP supports the acceptance of RelayState parameters.

With Custom SSO, user profiles can be created automatically upon the user’s initial log-in with auto-provisioning. Auto-provisioning is supported by API (SCIM) endpoints able to handle group enrollment and user deprovisioning.

Required user attributes include email address, first name, and last name. These attributes follow GoFormz’s standard email validation.

GoFormz offers support for groups during the auto-provisioning process. Groups can contain a comma-separated value list of your account's existing Groups for automatic user enrollment upon their profile creation.

If a user profile is created without being assigned any Group, it won't have any permissions.

Familiarize yourself with the user log-in process if you’re leveraging auto-provisioning.

Custom SSO user log-in process

With configuration requirements met, and a plan in place for user profiles, you’ll need your users to know how to access their user profile.

Your users can log in to your account directly using a customized log-in page. If you don't have a customized log-in page set up, your users can log in through the GoFormz SSO Log in.

To access SSO Log in your user clicks Use Company credentials (SSO) link on the standard log-in page. Alternatively, they can navigate directly to the SSO Log in.

Screenshot displaying the location of the "Use Company credentials (SSO)" option on the log-in page of the GoFormz web app.

Once the user arrives on the SSO Log in page, they’ll provide their Corporate Identity code. They'll then be able to log in to your Custom SSO provider.

If you’d like your account’s user profiles subjected to inactivity timeout, please contact your Account Manager and request this feature.

Custom SSO users and admins do not have direct access to the password reset fields. Manage your user passwords via your preferred SSO provider.

Related Topics

Did this answer your question?