Setting Up Single Sign On - SSO
Guru Accounts on the Pro, Team, Corporate, or Enterprise Editions can set up SAML-based single sign-on (SSO), giving your team access to Guru via an identity provider (IDP) of your choice.
If you use GSuite, Google Auth SSO is available on any Guru plan, however, as an Admin you cannot LIMIT end users to only sign in via Google Auth.
If you use Okta, we have an official Okta app, searchable on their app page.
Step 1: Set up Connection with your Identity Provider
To get started, you’ll need to set up a connection for Guru SSO — also known as a connector — with your IDP. To set up a connector, you'll need some information from Guru, which you can find in your Guru SSO Integrations page.
To Access your Guru SSO Integration page:
Go to your Guru Settings (select the gear icon in the upper right hand corner of the web application)
Click the blue Settings button next to the Single Sign-On
|Things Guru's SSO Integrations page provides||Things you'll need from your IDP|
|Your Guru Team ID||IDP Issuer|
|Guru Single Sign-On URL||IDP Single Sign-On URL|
|Audience URI||X.509 Certificate|
Here is a list of IDPs we've worked with in the past (however we are not limited to this list):
NOTE: Guru currently does not support SSO through Office 365. We only support SSO through Google and standard SAML using a third party identity provider
Step 2: Set Up SSO inside Guru
Now that you've gathered information from your IDP, an Admin on your team can enable SSO by filling in the required information on your team's SSO Integrations page.
NOTE: You must be an Admin in Guru to see the Integration page.
Navigate to your Integration page in Guru's web app
Fill in all the required fields with the information you gathered from your IDP
Choose your Provision Type. The options are:
"Automatically add users" - Guru will add the user to the team the first time they log in via SSO
"Require users to be invited" - You must explicitly invite users to your Guru Team (These users must additionally having access to your IDP.)
Select your Session Timeout in days (default = 14 days)
When you're ready to turn it on, click Enable SSO.
What to Expect after SSO is enabled:
Once you've configured and enabled SSO, Guru users can ONLY log in through the Identity Provider (unless they are Admins who can always log in via username and password as a failsafe)
NOTE: If a user is logged in to Guru before SSO is enabled, they will not be automatically logged out, but will have to login through the Identity Provider upon their next login
Once authenticated, if a user's session times out, Guru will direct the user back to the Identity Provider to re-authenticate. If the user logs out of Guru the user will have to begin at the Identity Provider to start the authentication process.
What about User Provisioning?
User provisioning is a manual process by default, through the Invite to Team functionality. Additionally, any user that authenticates through SSO will be added to the team automatically.
TIP: To simplify user management, Guru also supports SCIM provisioning. Reach out to our support team for more information firstname.lastname@example.org