TL;DR:
GoodTime’s platform offers SSO authentication which allows our customer’s users to log into our system using their domain credentials (the same username and password you use to log into your corporate PC). This means GoodTime users will not need to remember a new username or password. It also offers increased security in that when an account is disabled or removed at the domain level (the corporate user management system) it will ALSO be disabled in the GoodTime system. We leverage a generic protocol called SAML (Security Assertion Markup Language). There are different Identity Providers (Okta, OneLogin, Azure, PingIdentity, SailPoint SSO etc.) that allow companies to make signed assertions (logins) into GoodTime. Our team has confirmed compatibility with OneLogin, Okta, and Azure, however, a customer’s IT team should be able to integrate any Identity Provider (IdP) with our product by following their IdP’s documentation. We unfortunately can not offer resources to help configure SSO beyond the 3 tested above (OneLogin, Okta, and Azure).
A step-by-step guide.
-
Your CSM will enable SSO / SAML Auth on your behalf. This will be enabled at the organization level. This feature is not configurable at the user level.
-
If you're a GoodTime Super Admin, you'll now have access to the SSO settings page:
This page displays the Service Provider info you'll use when configuring your IdP to work with GoodTime. This page also accepts your IdP metadata, which you'll obtain from your IdP and enter here to configure GoodTime to work with your IdP.
- Please work with an IT point of contact at your company to configure your IdP. The SAML protocol is generic and should work with any SAML Identity Provider service. We've tested our integration with the following providers. Step-by-step instructions on how to set them up are linked below:
- Once Completed, you (or your IT point of contact) can Configure GoodTime.
- Head over the to the GoodTime SSO Settings page.
- Open the metadata xml file the IT staff member sent you from the previous section Configure your Idp.
- Copy the contents of that file and paste it into the Identity Provider Metadata field.
- Click Save.
Congrats! The org should now be configured to authenticate using SAML.
- When a user from your org logs out, they should be navigated to the SSO Login page at
https://a.goodtime.io/login/{org}
- You can also continue to use the OAuth Login page at
https://a.goodtime.io/login
If there is an error in the configuration when you attempt to access the SSO Login page, you'll automatically be redirected to the OAuth Login page. Please connect with your GoodTime CSM with any questions.