Generic SAML
Configure any SSO provider for Glean using SAML 2.0 authentication
If your SSO provider isn’t explicitly listed as supported in Glean, you can still configure SSO using the SAML parameters outlined in this guide. Single Sign-On (SSO) enables users to access multiple applications with one set of login credentials.
Prerequisites
Before beginning the setup process, ensure you have:
- An active administrator account in your SSO provider
- Access to your Glean admin account with Admin or Setup Admin roles
- Basic understanding of SAML 2.0 and SSO concepts
Glean limits SSO authentication to pre-approved domains. Ensure that you have notified Glean of all domains that will be used for user authentication (e.g., company.com, company.co.jp, subsidiary.co) or SSO will fail.
SSO Provider Configuration
Create a new SAML App
Create a new SAML application in your SSO provider’s management console.
You’ll need your tenant ID and/or tenant backend domain (format: tenant_name-be.glean.com).
You can find your tenant ID by following the instructions here. Contact Glean support if unsure.
Configure the following fields (some may not be required by your provider):
Field | Value |
---|---|
Single Sign-On (SSO) URL | https://tenant_name-be.glean.com/authorization-code/callback |
Recipient / Destination URL | https://tenant_name-be.glean.com/authorization-code/callback |
ACS (Consumer) URL | https://tenant_name-be.glean.com/authorization-code/callback |
Audience URI (SP Entity ID) | https://tenant_name-be.glean.com |
Default RelayState | Leave blank |
Login URL | https://tenant_name-be.glean.com/login |
Logout URL | https://tenant_name-be.glean.com/logout |
SAML initiator | Service Provider (Glean) |
SAML signature element | Assertion |
Name ID format | emailAddress |
Sign requests? | True |
X.509 signature | Standard Strength Certificate (2048-bit) |
X.509 signature algorithm | SHA-512 |
Copy the IdP Metadata XML URL
Glean requires a publicly accessible IdP Metadata XML URL to configure SSO. Direct XML file uploads are not supported.
Glean Configuration
Configure SAML
- Navigate to Workspace Settings > Setup > Authentication
- Select Okta SAML from the SSO Providers list
You can use this option for any SAML provider - not just Okta.
- Paste your SAML Metadata URL into the Okta metadata URL field
The SAML Metadata URL must be publicly accessible. Contact Glean support if you need assistance with hosting.
- Click Save
Activate SSO
- Return to Authentication Settings
- Click Switch to Okta SAML SSO
- Confirm the switch
- Verify the status shows as Connected
If you don’t see the switch button, your Glean tenant may still be provisioning. You can proceed with connecting datasources and return later.
Testing the Configuration
To verify your SSO setup:
- Open a new Incognito or Private Browsing window
- Navigate to https://app.glean.com
- Enter your work email and click Log In
- Verify successful redirection to your SSO provider
Always test using a Private Window to ensure browser cache and existing sessions don’t affect the results.
Test both SSO phases
Two key phases need testing:
- Glean to SSO provider redirect
- SSO provider back to Glean redirect
If either phase fails, verify your configuration settings and ensure all domains are approved by Glean.