SSO
This option allows you select either
Google
, Microsoft (Azure)
or SAML
based login for viewers.When you use this, you have three options:
- Public - all people with valid (google or azure based on your selection) accounts are allowed to access your deployment.)
- Filter By domain - all people with valid google or azure based accounts on the domain that you have set are allowed to access your deployment.
- Filter By viewer list - all accounts google or azure based accounts in your viewer list are allowed to access your deployment.

viewer group enterprise
This is a viewer group authentication mechanisms support for the Security Assertion Markup Language.
Any SAML identity provider (IdP) can be configured to be used for authentication of a viewer.
To enable this, head over to the
Viewer Group
page, then:- 1.Select SSO as your
Login Method
. - 2.Now select
SAML
from theProvider
drop-down menu. - 3.After this, you will be asked to provide your SAML IdP configuration.
You should see the config as follows:

SAML viewer group
- 1.Enter your IdP's
entityId
,SSO redicrection URL
andX.509 signing certificate
. - 2.Click the
Save
button to finally save your configuration. - 3.To register GMetri as a service provider (SP) with your IdP, you will need the configuration details. You can get these details by clicking the
Download GMetri's SAML Metadata
button.
You can find sample metadata configuration here under the
SAMLtest's IdP
section. This will give you an idea of what you need to paste in the boxes for the SAML config.NOTE on pasting X.509 certificate
Please paste certificate without the
----BEGIN CERTIFICATE----
and ----END CERTIFICATE----
part.Once you create a SAML viewer group, head to your deployment and set this viewer group as the authentication mechanism for that deployment.
- Once you open a viewer link for deployment with a SAML SSO based viewer group, you will see a pop-up with the IdP's login page.
- Post-IdP login process, you will be redirected back to
view.gmetri.com
. - We use your
email address
sent to us by theIdP
as the primary identifier for the viewer session.

SAML viewer IdP login
- Name Identifier format:
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- In IdP
SAMLResponse
we look for the following attributes:
Friendly name | Name | NAMEFORMAT |
---|---|---|
Email | email /mail | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
Display Name | displayname / urn:oid:2.16.840.1.113730.3.1.241 | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
SAML authentication will not be successful unless the
IdP
returns your email
in its SAML response.Last modified 6mo ago