Add an extra layer of security for your enterprise team with Single Sign-On (SSO). We currently offer SSO support for our customers on an Enterprise subscription. You can view subscription pricing here.
This guide will explain how to set up SSO. This service is compatible with any IdP that supports either SAML or OIDC protocols such as Okta, Azure Microsoft, Google, and OneLogin.
Getting Started with SSO
You need to be on our Enterprise Subscription in order to enable SSO for your space. To inquire about getting set up, contact our sales team.
- After we've activated SSO for your space, go to your Space Dashboard
- Click on the SSO tab on the left navigation
- Add your custom email domains (ex: @gather.town)
- NOTE: You will only be able to add domains once. If you need to edit or add domains in the future please reach out to your Customer Success Manager.
- Verify ownership of your custom domains
- Login to Your Domain Provider:
- Start by logging into the platform where you registered your domain, often referred to as your domain registrar or domain provider (e.g., GoDaddy, Namecheap, Bluehost).
- Navigate to DNS Management:
- Look for an option such as "DNS Settings", "DNS Management", or "Manage Domains".
- Locate the TXT Records Section:
- Within the DNS Management area, find the section that allows you to edit or add TXT records
- Add a New TXT Record:
- Click an option like "Add Record" or "Create Record".
- Select "TXT" from the record type dropdown, if prompted.
- In the "Host" or "Name" field, enter the email domain you’re verifying.
- Copy the verification code from the Gather SSO Dashboard
- In the "Value" or "Text" field, paste the verification code from the Gather SSO Dashboard
- Save Changes:
- Click "Save" or "Add Record" to apply the changes.
- Wait for Propagation:
- DNS changes might take some time to propagate across the internet. This can be anywhere from a few minutes to 48 hours, but often it's much faster. The exact time depends on your domain registrar and the TTL (Time To Live) setting for your DNS records.
- Verify on Gather:
- Once you've added the TXT record, go back to the Gather SSO Dashboard.
- Click their "Verify" button for the domain you’re verifying.
- Login to Your Domain Provider:
- Complete your SSO configuration with WorkOS (our 3rd party SSO provider). Tip: You can share this link with your security team to complete the setup.
- NOTE: After you complete setting up SSO with WorkOS all users who are signed in with one of your custom email domains will be signed out and will be required to sign back in via SSO.
- Once the setup is complete, SSO is enabled for your space and you are ready to test.
- Sign out of your Gather account
- Sign back in (make sure to click “Use single sign-on”) using one of your custom email domains
- Have a few of your teammates try signing in via SSO and give us a final thumbs up that everything is working.
Linking SSO for Multiple Spaces
Note: This allows members of your space to sign in via SSO once and become members of multiple spaces. You must be an admin of each space you want to link SSO for. This must be done in the browser.
- Follow the steps in the “Activating SSO” section above to activate SSO for your Space 1.
- Contact your Customer Success Manager to request SSO for additional spaces
- Go to Space 1’s Space Dashboard
- Click on the SSO tab in the left sided navigation bar
- Click on Link space and the Manage linked spaces modal will appear
- Go to Space 2 copy the space link (must be in a browser)
- Paste the Space 2 link into the Manage linked spaces modal, click “Add” and then click “done” to dismiss the Manage linked spaces modal
- Go to the Space 2 Space Dashboard
- Click on the SSO tab in the left sided navigation bar and you should see a card that says “SSO linked with” and a link to Space 1
- Now when members of your space sign in via SSO they will become members of both spaces
Do you support SCIM provisioning or remote provisioning?
- We currently do no support SCIM provisioning. Admins can manage member access from within Gather.
Which SSO protocols do you support?
- Gather SSO is compatible with any identity provider that supports either SAML 2.0 or OIDC protocols. This includes identity providers such as Okta, Azure, Google, and OneLogin.
Can members SSO once and gain access to multiple spaces?
- Yes refer to the “Linking SSO for Multiple Spaces” section of this article