Single sign-on (SSO)
Gamut supports single sign-on (SSO) via OpenID Connect (OIDC), so people sign in with their corporate credentials and your existing identity process governs access.
Why use SSO
- One set of credentials. People sign in with the account they already use.
- Centralised control. Access follows your joiner / mover / leaver process in your identity provider.
- Stronger security. You apply your own MFA and conditional-access policies at the identity provider.
How it works
SSO is configured per workspace by an administrator, using the standard OpenID Connect authorization code flow:
- In your identity provider, register Gamut as an application and obtain the connection details (discovery URL, client ID and client secret).
- In Gamut, open the Administration → SSO panel and enter those details.
- Save the configuration. Once configured, the sign-in page offers a Sign in with SSO option.
- People authenticate at your identity provider and are returned to Gamut, where their account is provisioned from the verified identity.
Connection secrets are stored encrypted. Gamut verifies identity tokens cryptographically on each sign-in.
Supported providers
Any standards-compliant OpenID Connect identity provider can be used, for example the major enterprise identity platforms. If your provider supports the OpenID Connect authorization code flow with discovery, it will work with Gamut.
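A pre-flight check an administrator could run on the provider's discovery document before entering the connection details, as an added example (not Gamut's code). It checks fields defined by OpenID Connect Discovery; the `idp.example` URLs and both sample documents are constructed, and `check_discovery` is a hypothetical helper name.

```python
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "id_token_signing_alg_values_supported")

def check_discovery(discovery_url: str, doc: dict) -> list:
    """Return a list of problems; an empty list means the document looks usable."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end in " + WELL_KNOWN)
    # The issuer must match the URL the document was fetched from, minus the
    # well-known suffix; a relying party should reject a document where it differs.
    expected = discovery_url.removesuffix(WELL_KNOWN)
    issuer = str(doc.get("issuer", ""))
    if issuer.rstrip("/") != expected:
        problems.append(f"issuer {issuer!r} does not match {expected!r}")
    # Every endpoint, including the signing-key set, must be served over TLS.
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in doc and urlparse(str(doc[key])).scheme != "https":
            problems.append(f"{key} is not an https URL")
    # The authorization code flow is advertised as response type "code".
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' is not advertised")
    # ID tokens must be signed: at least one algorithm other than "none".
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if all(a == "none" for a in algs):
        problems.append("no ID token signing algorithm other than 'none'")
    return problems

# Constructed sample input (idp.example is a placeholder, not a real provider).
GOOD_URL = "https://idp.example/tenant1" + WELL_KNOWN
GOOD_DOC = {
    "issuer": "https://idp.example/tenant1",
    "authorization_endpoint": "https://idp.example/tenant1/authorize",
    "token_endpoint": "https://idp.example/tenant1/token",
    "jwks_uri": "https://idp.example/tenant1/keys",
    "response_types_supported": ["code", "id_token"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Same document with four defects an administrator would want to catch.
BAD_DOC = dict(GOOD_DOC, issuer="https://other.example",
               jwks_uri="http://idp.example/tenant1/keys",
               response_types_supported=["id_token"],
               id_token_signing_alg_values_supported=["none"])

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(GOOD_URL, doc) or "OK")
```

In practice the document would be fetched from the discovery URL your identity provider gives you and passed in as parsed JSON.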
Roles with SSO
SSO governs authentication, proving who someone is. Their authorisation in Gamut is still controlled by roles within the workspace.
- Users & roles: control what authenticated users can do.
- Workspaces & tenancy: where SSO is configured.