- DarkLight
This article provides guidance on setting up SAML SSO in Gong for various providers. It outlines the required information, such as Identity Provider Metadata URL, SSO bindings, and SAML response details. Specific instructions are given for Microsoft Azure setup, including steps for authentication configuration and user/group management. The process involves entering metadata URLs, configuring attributes, and testing the SSO authentication. Additional details may be requested by the SSO provider, such as Gong's entity ID and ACS URL. The article emphasizes the importance of following the specified settings and ensuring proper configurations for successful SAML SSO integration with Gong.
We support you in whatever SAML SSO provider you want to use for your people to log in to Gong.
This article describes the information you need to set up SAML SSO in Gong for non-specific providers. We have specific instructions for Okta, OneLogin, and Rippling. For any other providers, read on. This article includes information you may need to give your provider. Have questions? Check out the Authentication FAQs.
Prerequisites
We ask for the following information:
Identity Provider Metadata URL or Identity Provider Metadata XML file
The URL must be a public URL, meaning that it's publicly accessible, and it should generate a valid SAML Metadata response.
The XML response or the Metadata XML file must include two SSO bindings with a valid URL:
HTTP-POST
HTTP-REDIRECT
An example of the SAML response Gong receives:
The URL you want to redirect people to after they log out of Gong
In your provider, set the SAML name identifier property to emailAddress
In your provider, make sure that Signed Authentication Request is turned off
Your provider may need
Your provider may ask you for some or all of the following:
Gong's entity ID: https://app.gong.io (use this value as written here and not the customer application domain)
Gong's ACS URL: https://app.gong.io/welcome/okta/saml/login
X509 certificate: Gong does not provide this certificate. Your provider should be able to provide one, if needed.
Microsoft Azure SAML SSO setup
To set up authentication via Microsoft Azure:
Log into Microsoft Azure with admin credentials and select Enterprise applications.
Click +New application > Create your own application.
Give the application a name such as Gong SSO, keep the default settings and click Create.
In the application, select Set up single sign on.
Select SAML.
Edit the Basic SAML Configurations and enter the following values:
Identifier (Entity ID): https://app.gong.io
Reply URL (Assertion Consumer Service URL): https://app.gong.io/welcome/okta/saml/login
Click Save.
Edit the Attributes & Claims section as follows:
Name identifier format: Email address
Source: set to Attribute
Source attribute: user.mail
Delete any Additional claims
In the Users and Groups section, add the users or groups you want to have SSO login to Gong.
In the Single sign-on section, copy the App Federation Metadata URL.
Once you have set up Microsoft Azure for SSO authentication in Gong:
In Gong, go to Company settings > Company > Authentication.
In the Identity provider metadata URL, enter the App Federation Metadata URL you copied from Microsoft Azure.
In After logout, redirect to, enter https://myapps.microsoft.com or a URL that displayes the applications the user has access to.
Click Update. Logout and login via Azure to test the SSO authentication.