Authentication FAQs
  • 1 minute read
  • Contributors

Authentication FAQs

Article summary

What authentication systems should I enable?

Enable any trusted systems that your company uses for authentication. We support Salesforce and your Office suite (Google Workspace or Office 365), SSO systems that support SAML, and Okta OpenID Connect.

Should I keep the Gong username & password enabled?

It’s up to you. If you have sign-in policies that you need to enforce in your organization, you can require users to sign in using the systems that enforce those policies (such as SAML), and do not need to keep Gong username & password enabled.

Which single sign-on identity management services (SAML SSO) are supported?

We support the SAML protocol, and test it with Okta, Rippling, and OneLogin.

How do I set up SAML SSO authentication?

You can find the set up instructions here.

How can I set up authentication with an external provider?

When you select Google, Microsoft, or Salesforce on this page and save your changes, people can log in to Gong using their work Google, Microsoft, or Salesforce credentials. No further set up required!

Does Gong support SSO with Azure AD?

Yes, Gong fully supports SSO with Azure AD. Click here for further details.

What is Gong's password policy?

Your password should be 12 characters or more. It can be any combination of letters, numbers, and symbols (ASCII-standard characters only), and must include at least 3 of the following:

  • 1 uppercase character

  • 1 lowercase character

  • 1 digit

  • 1 special character

When does an account get automatically logged out?

When an account gets automatically logged out depends on the authentication method you select for your team members.

If the user logged in with their username and password, or via SAML authentication, the default session timeout is 30 minutes. This can be customized for SAML SSO providers.

If the user logged in via one of the common identity providers such as Google, Microsoft, Salesforce, or via OKTA Open ID connect, the identity provider controls the session timeout policy. In this case, we automatically renew the session every 30 minutes until the token is no longer valid.

What is the account lockout threshold?

Users who have five failed login attempts are locked out of their accounts for 60 minutes.

Was this article helpful?


Eddy AI, a genAI helper, will scrub our help center to give you an answer that summarizes our content. Ask a question in plain language and let me do the rest.