SSO Setup

Gretel uses WorkOS to provide authentication and Single Sign-on. WorkOS is SOC2 Type 2 Certified and GDPR and CCPA compliant. See their security page for more details.

Prerequisites

An account with an Identity Provider (IdP) like Microsoft Active Directory, Okta, or Google Workspace. Find the list of supported identity providers here.

Configuration Steps

Step 1 - Reach out to the Gretel Customer Success Team

Reach out to the Customer Success Team via email to initiate the process for configuring SSO. Please reach out to your enterprise sales representative for help starting this conversation if you are not already engaged with the Customer Success Team.

The Customer Success Team will provide you with an ACS URL and an IdP URI (Entity ID) which you will need to use to configure your IdP.

Step 2 - Configure SSO in Your IdP

  1. Log into your IdP's dashboard.

  2. Create a new SSO application/integration for Gretel, selecting SAML or OIDC protocol. Follow the WorkOS docs for steps and screenshots that are specific to your IdP.

  3. Configure the application with the necessary Assertion Consumer Service (ACS) URL and Entity ID/Audience URI, which Gretel will provide as mentioned in "Step 1".

  4. Set up attribute mappings (e.g., email, name) as per the WorkOS documentation for your specific IdP.

Step 3 - Send SSO Configuration Details to Gretel

After setting up the SSO application in your IdP, obtain the Metadata URL for your configured SSO application within your IdP. The specific WorkOS documentation for your IdP should provide the exact steps to do this.

Send the Metadata URL to the Gretel Customer Success Team. We will set up these details in WorkOS to complete the SSO integration.

Testing the Integration

Once we have confirmed the integration is complete, conduct the following test cases.

  1. Successful Login. Attempt to log into Gretel using your IdP credentials. Verify that you gain access without any issues.

  2. Invalid Credentials. Try to log in with incorrect credentials. Ensure that access is denied.

  3. User Role Verification. Log in with different user accounts (if possible) to verify that user roles and permissions in Gretel correspond correctly to what's configured in your IdP.

  4. Logout and Re-Authentication. Log out of Gretel and then log back in to ensure the session ends and restarts correctly.

Additional Access Controls

To determine who can log into Gretel through SSO, you'll need to set up additional controls within your IdP. This typically involves:

  • Group or Role-Based Access: Define which groups or roles in your IdP are allowed access to Gretel. Only users within these specified groups or roles will be able to log in.

  • User Provisioning: Ensure that only provisioned (active) users in your IdP have access. De-provisioned (inactive) users should not be able to authenticate.

By following these steps and conducting thorough testing, you can ensure a secure and efficient SSO setup for accessing Gretel.
