SSO Setup
SSO Setup
Configure Single Sign-On (SSO) to let your team log in with their existing corporate credentials.
Supported Providers
- SAML 2.0 — Any SAML-compatible identity provider
- Azure Active Directory — Microsoft 365 and Azure AD
- Google Workspace — Google corporate accounts
- Okta — Okta identity management
- OneLogin — OneLogin identity provider
SAML Setup (Generic)
1. Go to Settings > Security > SSO 2. Select SAML 3. Enter the required information:
- SSO URL — Your IdP's login URL
- Entity ID — Your IdP's entity identifier
- Certificate — X.509 certificate from your IdP
4. Copy the GoVista ACS URL and SP Entity ID into your IdP configuration 5. Test the connection 6. Enable SSO
Azure AD Setup
1. In Azure Portal, create a new Enterprise Application 2. Select SAML as the sign-on method 3. Configure:
- Identifier — GoVista SP Entity ID
- Reply URL — GoVista ACS URL
4. Download the Federation Metadata XML 5. Upload it in GoVista SSO settings 6. Assign users in Azure AD
Google Workspace Setup
1. In Google Admin Console, go to Apps > SAML Apps 2. Click Add App > Add Custom SAML App 3. Configure with GoVista's ACS URL and Entity ID 4. Map attributes (email, first name, last name) 5. Enable the app for your organizational units
Test SSO with a single admin account before enabling it for all users. This lets you fix any configuration issues without locking everyone out.
Okta Setup
1. In Okta, add a new SAML application 2. Enter GoVista SSO configuration URLs 3. Map user attributes 4. Assign users or groups 5. Activate
Post-Setup Configuration
- Auto-provisioning — New users created automatically on first SSO login
- Role mapping — Map IdP groups to GoVista roles
- Force SSO — Require all users to sign in via SSO (disable password login)
Before enabling "Force SSO," ensure at least one admin can log in via SSO successfully. Keep a backup admin account with password login enabled in case of SSO provider outages.