This article explains how to configure the SAML authentication process in Gainsight PX.
Security Assertion Markup Language (SAML) is an Extended Markup language (XML) based open source authentication and authorisation mechanism. SAML allows you to log in to multiple applications with just one set of credentials. SAML consists of two main components; Identity providers (Idp) and Service Providers (SP). When a user logs in to a SAML enabled device, the service provider requests authorization for the user from the identity provider. The identity provider authenticates the user’s credentials and returns the authorization for the user to the respective service provider. The user can now use the application.
Gainsight PX uses Okta to enable SAML authentication and authorization. When you log in through Okta, you can use Gainsight PX and also other applications which you are authorized to. In Okta based SAML authentication, Gainsight PX is one of the service provider s(SP) and Okta is the identity provider (Idp). The working mechanism of Gainsight PX SAML authentication is shown in the following image.
To use SAML authentication, you must contact the Gainsight support team at email@example.com and request login credentials.
Configure SAML for Gainsight PX
This section explains how to configure the process of SAML authentication. Once Gainsight PX is configured to authenticate via SAML, users who want to access Gainsight PX will no longer be prompted to enter a username or password. Instead, an exchange between Gainsight PX and the configured IdP occurs that grants Gainsight PX access to the users.
To use SAML authentication mechanism:
Navigate to Okta’s official website; https://www.okta.com.
Click Sign In.
(Optional) If you are already using Okta, you can view a list of all your Okta accounts. You must choose the Okta account provided to Gainsight support team which has Gainsight PX configured as a service provider (SP).
- (applicable only if the above step is executed) Enter your Okta credentials and click Sign In.
- (applicable only if steps 3 and 4 are not executed) Click Use another account to log in with a new Okta account in which Gainsight PX is configured as a service provider (SP).
Type aptrinsic in the mycompany field. This ensures that you are using the Gainsight PX domain in Okta for your new account.
- Enter your Okta credentials and click Sign In.