Category view
SSO integration
Link Copied
Published on Jan 15, 2026
Single Sign-On (SSO)
Gfacility offers multiple authentication protocols, including OpenID Connect and SAML 2.0. As identity providers, we support OneLogin and Microsoft Entra ID (formerly Azure Active Directory), among others.
Why configure SSO?
SSO provides a secure and standardized way to manage user access. It ensures that only authorized users have access, increases the security level, and makes logging in frictionless for employees.
app.gfacility.com) and our UAT/Test environment (uat.gfacility.com).
1. Configuration via OpenID Connect
OpenID Connect is a protocol that allows users to authenticate with an external identity provider via standard APIs. To set this up, we need the following details from your application registration:
- Application (Client) ID: A unique identifier for your application (available in the Microsoft Entra admin center).
- OAuth 2.0 authorization endpoint: The URL where the user is directed for authentication.
- Directory (tenant) ID: The ID of the Entra ID tenant where your application is registered.
- Client credentials: The client ID and client secret used to authenticate your application.
- Redirect URI: The URL for the provider after authentication. Depending on the environment, this is:
- Production:
https://app.gfacility.com/login/sso - UAT:
https://uat.gfacility.com/login/sso
- Production:
Important considerations
- Users must be explicitly assigned to the application in Entra ID before they can use SSO.
- Ensure that the “ID tokens” checkbox is selected under the “Authentication” tab.
2. Configuration via SAML 2.0
SAML 2.0 is an XML-based authentication protocol. Follow these steps to integrate SAML 2.0 with Gfacility via Microsoft Entra ID:
In the Microsoft Entra admin center, go to Applications > Enterprise applications | All applications.
Open the Azure AD SAML Toolkit. If it is not present, click on + New application to add it.
Click on Single sign-on in the left menu.
Click Edit in the Basic SAML Configuration section. Enter the following details (replace {companyname} with your organization’s name):
- Identifier (Entity ID):
https://app.gfacility.com/api/sso/{companyname}/metadata - Reply URL (ACS):
https://app.gfacility.com/api/sso/{companyname}/acs - Sign on URL:
https://app.gfacility.com/login/sso
- Identifier (Entity ID):
https://uat.gfacility.com/api/sso/{companyname}/metadata - Reply URL (ACS):
https://uat.gfacility.com/api/sso/{companyname}/acs - Sign on URL:
https://uat.gfacility.com/login/sso
To complete the configuration, we need the following details from you:
- From Step 3 (SAML Certificates): The App Federation Metadata Url.
- From Step 4 (SAML Toolkit): The Login URL, Microsoft Entra Identifier, and Logout URL.
Do not forget: Just like with OpenID Connect, users or groups must be explicitly assigned to this enterprise application in Entra ID before they can log in successfully.
Once you have provided the configuration details to us, we will finalize the setup in Gfacility to establish a secure connection with your tenant.
Need more information? Check out this Microsoft article for a comprehensive guide.
Logging in with SSO
Once SSO is successfully configured, users can select “Log in with SSO” on the login screen. To make it even easier, you can also direct users straight there using specific URLs:
Auto-detection URL
The user enters their email address once. This is saved in cookies for automatic login during subsequent visits.
https://app.gfacility.com/login/sso?email=auto
UAT:
https://uat.gfacility.com/login/sso?email=auto
Specific URL
You provide the email address directly in the URL (e.g., via an intranet). The user does not need to enter anything.
https://app.gfacility.com/login/[email protected]
UAT:
https://uat.gfacility.com/login/[email protected]