Skip to main content
Gainsight Inc.

Configure SAML SSO with OneLogin in Gainsight

  1. Last updated
  2. Save as PDF

The article explains how admins can set up Single Sign-On (SSO) for Gainsight applications using OneLogin.

Overview

Configure Single Sign-On (SSO) with OneLogin to give users secure, centralized access to Gainsight. Once authenticated in OneLogin, users can seamlessly access all authorized Gainsight applications without needing to log in separately to each one.

Prerequisites

To successfully configure SAML-based Single Sign-On (SSO), both the OneLogin and Gainsight administrators must create and configure the SAML application in their respective platforms:

  • OneLogin Administrator: Set up the SAML application in the OneLogin portal.
  • Gainsight Administrator: Mirror the configuration by creating the corresponding SAML app within the Gainsight platform.

Set up SAML SSO in OneLogin

Follow the steps below to set up SSO in OneLogin:

  1. Sign in to OneLogin and click Administration. The Administration page appears.
  2. Click the Applications tab, then select Applications from the dropdown menu. The Applications page appears.

    OneLogin dashboard with the Applications menu expanded and the “Applications” option highlighted.
     
  3. Click Add App. The Find Applications page appears.

    Applications page showing existing apps and the “Add App” button highlighted for creating a new application.
     
  4. In the Search Box, enter SAML Custom Connector (Advanced) and select the result. The Configuration page appears.

    Search results showing the “SAML Custom Connector (Advanced)” application highlighted in OneLogin.
     
  5. Enter a Display Name for the application. 
  6. Click Save.
     AML Custom Connector setup screen showing the Display Name field and the Save button highlighted.
     
  7. From the left pane, click SSO. The Enable SAML2.0 page appears.

    SAML Custom Connector settings page with the SSO tab highlighted in the left menu and display name options shown.
     
  8. Under SAM 2.0 Endpoint(HTTP), click the Copy to Clipboard icon.

    SSO configuration screen showing SAML 2.0 settings, certificate details, and copy icons next to SAML endpoints.

    Note: Save the copied endpoint for later use in Gainsight.
  9. Click View Details, scroll down, and click Download. To download the X.509 PEM certificate.                        

    Certificate details page showing the X.509 certificate content with a highlighted Download button.

    Note: By default, the X.509 PEM is selected; ensure this remains the same.
  10. Click Certificates at the top. The Info page appears.

    Certificate details page showing key length, SHA fingerprint, and breadcrumb link to the Certificates list highlighted.
     
  11. From the left navigation pane, click Parameters. The Parameters page appears.
  12. Click the Plus icon to create a new field. The New Field dialog box appears.

    Parameters page of the SAML Custom Connector showing credential options and a highlighted plus icon to add a new parameter.
     
  13. Enter the Field Name as Username. 
  14. Click Save. The Edit Field Username page appears.
  15. On the Edit Field Username dialog box, provide the following details: 
    • Set Value to Email.
    • Select the Include in SAML assertion checkbox.

      Edit Field Username screen showing the value set to Email and the ‘Include in SAML assertion’ option checked.
       
  16. Click Save.

Setting up SAML in Gainsight

Follow the steps below to set up SAML in Gainsight:

  1. Sign in to Gainsight and navigate to Administration > Users and Permissions > User Management. The User Management page appears.
  2. Click the Authentication tab.

    User Management page showing user list and the “Authentication” tab highlighted in the top navigation.
     
  3. From the Add Authentication dropdown menu, select SAML. The SAML Mechanism dialog box appears. 

    The drop down is displayed and show SAM option
     
  4. In the SAML Mechanism dialog box, provide the following details:
  • Name: Enter a descriptive name for the app. For example:  OneloginSSO.
  • Email Domain: Enter your organisation's domain.
  • Sign In URL: Paste the SAML 2.0 Endpoint(HTTP) URL copied from OneLogin.
  • Certificate: Upload the X.059 file downloaded from OneLogin.

    SAML Mechanism setup form showing fields for domain, sign-in URL, certificate upload, and username field mapping.
  1. Click Save. The newly added connection appears in the Connections list.

    The newly added connection displays
     
  2. Click the three vertical lines next to the newly added Connection, and select Edit. The SAML Mechanism dialog box appears.

    Authentication connections list with the options menu open for OneLoginSSO and the Edit option highlighted.
     
  3. Click Download to download the metadata XML.

    undefined
     
  4. Extract the AssertionConsumerService Location and Entity ID from the downloaded XML file. Open the XML file and locate the following:
  • AssertionConsumerService Location: This is the content in quotations for the location in line 27 from the example image below.

    XML block is displayed
  • Entity ID: Find the Entity ID at the top of the file. It is the blurred-out section from the example image below. 

    XML code is displayed with blurred Entity ID

Finalize OneLogin Configuration

Complete the OneLogin configuration by updating the application with values from the Gainsight metadata. Follow the steps below to configure the OneLogin page:

  1. Navigate to the OneLogin Application setup.
  2. In the left navigation pane, click Configuration
  3. On the Configuration page, enter the following values from the Gainsight XML:
    • Audience (EntityID): Enter the Entity ID.
    • ACS (Consumer) URL Validator: Enter the AssertionConsumerService Location URL value.
    • ACS (Consumer) URL: Enter the same  ACS (Consumer) URL Validator (the AssertionConsumerService >  Location URL).

      The image show configuration tab in OneLogin

  4. Click Save.

The SSO Login setup is complete. Assign users to the newly created OneLogin application to enable access to Gainsight.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. SAML Authentication with OneLogin
    2. SSO with OneLogin