Single Sign On

Currently, only SAML2 is supported for SSO.

SAML2

Prerequisites

  1. You have superuser permissions in your Grape installation
  2. You have a SAML2 SSO server running that is reachable from the Grape server

Enable SAML2 SSO for an organization

  1. Go to the admin site (https://grape.example.com/admin)
  2. Click on “Organizations”
  3. Click on the organization that needs SSO
  4. Scroll down to “Features”
  5. Select “SAML2 Single Sign On” from the drop-down menu
  6. Scroll down to the bottom
  7. Press “Save”

Configure SAML2 SSO

In the Web Client or in your Desktop Client:

  1. Click the cogwheel
  2. Click “Organization Settings”
  3. Click on “Single Sign On (SSO)” in the menu on the left (this option is only available after you have enabled SSO in the admin site)
  4. Follow the steps on the website

Changing the certificate

If you want to change the server certificate that is used for SAML2:

  1. Update the certificate on your IDP
  2. Click “Update SSO” in the Grape SSO Settings. The Grape server will pull the new metadata, including the new certificates.

In case you have problems, you can manually change the certificate:

  1. Click on “Advanced SSO Settings”
  2. Check “IDP signing Certificate” and “IDP encryption Certificate” and change them manually if needed
  3. Click “Update Advanced SSO Settings”

We don’t support automatic certificate rollover. If you need this functionality, get in touch with us.
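
Before clicking “Update SSO”, or when checking the certificates by hand, it helps to know exactly which signing and encryption certificates the IDP publishes. The following is an added example, not Grape's own code: it reads SAML2 IDP metadata and reports certificates whose SHA-256 fingerprint you have not recorded yet. The function names, the sample metadata and the idea of keeping a list of recorded fingerprints are assumptions of this example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def idp_cert_fingerprints(metadata_xml):
    """Map each key use to the SHA-256 fingerprints of the IDP certificates."""
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("metadata with a DTD is refused")
    found = {"signing": [], "encryption": []}
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        use = kd.get("use")
        if use is None:
            uses = list(found)  # no "use" attribute: key serves both purposes
        elif use in found:
            uses = [use]
        else:
            raise ValueError(f"unexpected KeyDescriptor use: {use!r}")
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            # Metadata wraps base64 across lines; strip whitespace first.
            der = base64.b64decode("".join((cert.text or "").split()), validate=True)
            for u in uses:
                found[u].append(hashlib.sha256(der).hexdigest())
    return found

def unpinned_certs(metadata_xml, pinned):
    """Return (use, fingerprint) pairs the IDP publishes that are not in pinned."""
    published = idp_cert_fingerprints(metadata_xml)
    return [(use, fp) for use, fps in published.items() for fp in fps
            if fp not in pinned.get(use, ())]

def _b64(raw):
    return base64.b64encode(raw).decode()

# Constructed sample: placeholder bytes stand in for DER certificates.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.com/metadata">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   {_b64(b"constructed-old-signing-cert")}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   {_b64(b"constructed-new-shared-cert")}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

Calling `unpinned_certs(metadata, {"signing": [...], "encryption": [...]})` with the fingerprints you already trust returns only the certificates that are new. Confirm those with your IDP administrator before accepting them.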