Configuring Single Sign-On (SSO)

What is SSO and OIDC?

Single Sign-On (SSO) allows users to sign in once with their company credentials and access multiple apps without needing separate logins.

Gleap uses OIDC (OpenID Connect), a modern authentication standard built on OAuth 2.0.

SAML is not supported.

Organization vs. Project level SSO

• Organization level:
  Everyone signing in via the organization’s SSO login URL automatically becomes part of the organization.

• Project level:
  Users signing in via the project’s SSO login URL will only become part of that project.

  Users can belong to multiple projects, but they need to log in once through each project or organization SSO login URL.

What you need

To configure SSO, Gleap needs the following information from your SSO provider (e.g. Azure AD, Okta, Auth0, Google Workspace):

• Issuer URL

• Client ID

• Client Secret

• Scope

In return, Gleap will generate a Redirect URI.
You must add this Redirect URI to your SSO provider’s application configuration.

Setup steps

1. Go to your Organization Settings or Project Settings in the Gleap dashboard.

2. Open the SSO section.

3. Enter the details from your SSO provider:

   • Issuer URL

   • Client ID

   • Client Secret

   • Scope

4. Copy the Redirect URI shown in Gleap and add it to your SSO provider’s application.

5. Save your changes and enable SSO.

Share the login URL

Once enabled, Gleap generates a dedicated SSO login URL:

• Organization-level URL → Share with anyone who should join your organization.

• Project-level URL → Share with users who should only join that project.

Done! Users can now sign in securely with your SSO provider.