SSO Management
Guance supports SSO management based on SAML and OIDC/OAuth 2.0 protocols. Enterprises can manage employee information in their local IdP (Identity Provider) without synchronizing users between Guance and the enterprise IdP. Employees can log in and access Guance through designated roles.
In SSO Management, you can:
- Configure single sign-on based on enterprise domain name
- Enable role mapping based on enterprise domain name for more granular single sign-on
User SSO
Employees whose email addresses conform to the domain suffix of the enterprise's unified identity authentication can log in to Guance using that email address and access the system according to the configured permissions.
- Go to Manage > Member Management > SSO Management > User SSO.
- Choose SAML or OIDC as needed.
- Start configuration.
Note
- Multiple SSO IdP configurations can be created, with a maximum of 10 SSO configurations per workspace.
- When multiple workspaces are configured with the same identity provider for single sign-on, users can log in to one workspace via SSO and then click the workspace option in the upper left corner to switch between workspaces and view their data.
Access Types
SSO List
Role Mapping
- Enable Role Mapping:
  - SSO login users are dynamically assigned roles based on matching the attribute field and attribute value from the identity provider against role mapping rules.
  - Users who do not match any mapping rules will have all roles removed and will be unable to log in and access the workspace.
- Disable Role Mapping: Single sign-on users retain their previously assigned roles and are not affected by changes in assertions from the identity provider side.
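The role-mapping behaviour described above can be rehearsed offline before it is switched on. The following is an added illustration, not Guance's code: the `MappingRule` shape, the role names, the sample users and the exact, case-sensitive value comparison are all assumptions made for the example.

```python
# Added illustration; rule and attribute shapes are assumptions, not Guance's schema.
from dataclasses import dataclass

@dataclass(frozen=True)
class MappingRule:
    attribute_field: str   # attribute name sent by the IdP
    attribute_value: str   # value that must be present (exact match assumed)
    role: str              # workspace role granted on match

def resolve_roles(attributes, rules, mapping_enabled, previous_roles):
    """Return the set of roles a user holds after an SSO login."""
    if not mapping_enabled:
        # Mapping disabled: assertions are ignored, earlier roles are kept.
        return set(previous_roles)
    granted = set()
    for rule in rules:
        values = attributes.get(rule.attribute_field, [])
        if isinstance(values, str):      # IdPs may send one value or a list
            values = [values]
        if rule.attribute_value in values:
            granted.add(rule.role)
    # An empty set means all roles are removed and workspace login is denied.
    return granted

def locked_out(users, rules):
    """Pre-flight check: users who would lose access once mapping is enabled."""
    return sorted(name for name, attrs in users.items()
                  if not resolve_roles(attrs, rules, True, set()))

# Constructed sample data.
RULES = [
    MappingRule("department", "sre", "Administrator"),
    MappingRule("groups", "observability-readers", "Read-only"),
]
USERS = {
    "alice@example.com": {"department": "sre", "groups": ["observability-readers"]},
    "bob@example.com": {"groups": ["observability-readers", "finance"]},
    "carol@example.com": {"department": "SRE"},   # case differs: no match here
    "dave@example.com": {},                       # IdP sends no mapped attribute
}

if __name__ == "__main__":
    for user, attrs in USERS.items():
        print(user, sorted(resolve_roles(attrs, RULES, True, {"Standard"})))
    print("locked out:", locked_out(USERS, RULES))
```

Running `locked_out` against an export of IdP users before enabling role mapping shows which accounts would have all roles removed by the change.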
Options
After adding an identity provider, you can manage the SSO configuration as needed. The following operations are supported:
- Edit: Modify information, enable or disable. This operation affects the login experience of existing SSO members and should be performed with caution.
- Delete: This operation removes the current single sign-on configuration, and related members will be unable to log in through this configuration. Proceed with caution.
- Import/Export Identity Provider: Supports importing and exporting identity provider configurations for quick replication across multiple workspaces.
Note
- When exporting a file, the file name cannot be the same as an existing identity provider in the current workspace.
- Exported files must comply with JSON format specifications.
View SSO Members
- Member Count: Displays the total number of all members who have logged in via SSO.
- Member List: Click on the member count to view the specific list of authorized SSO members.
Email Notifications
Workspace Owners and Administrators will receive relevant email notifications when SSO is enabled, configured, or deleted.
Login Verification
- Log in via email to the Guance SSO page: https://auth.guance.com/login/sso.
- Enter the email address configured during SSO creation to access all workspaces authorized by this identity provider.
- Login address.
- Enter username, password, and other information.
- Login successful.
Note
- If role mapping is enabled for the workspace but the current user does not match any role, or role mapping is disabled, the message "No access permission" is displayed.
- After an identity provider is deleted from the workspace, users will not see unauthorized workspaces when selecting SSO login.

