Service-provider values
These go into your IdP’s SAML app. The portal shows the exact strings:

| Field | Value |
|---|---|
| ACS URL (Reply URL) | shown in the SSO portal (https://auth.gecko.security/login/callback) |
| Entity ID (Audience) | shown in the SSO portal (ends in your auto-generated connection ID) |
| Name ID format | EmailAddress |
| Name ID value | the user’s work email |

| Attribute | Claim name | Required |
|---|---|---|
| Email | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | Yes |
| First name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | Recommended |
| Last name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Recommended |
| Groups | groups | Only for group-based role mapping |
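
A quick way to check an IdP's output against the two tables above before going live, added here as an example (it is not Gecko's code). The function names are hypothetical, `ENTITY_ID` is a placeholder for the value shown in your SSO portal, and the sample assertion is constructed and unsigned; this is a configuration lint only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ACS_URL = "https://auth.gecko.security/login/callback"  # from the table above
ENTITY_ID = "urn:example:gecko:CONNECTION-ID-PLACEHOLDER"  # placeholder, copy yours from the portal

def sample_assertion(name_format=EMAIL_FORMAT, audience=ENTITY_ID,
                     claims=("emailaddress", "givenname", "surname")):
    """Constructed, unsigned assertion for demonstration (not captured from a real IdP)."""
    attrs = "".join(
        f'<saml:Attribute Name="{CLAIMS}{c}">'
        f'<saml:AttributeValue>sample</saml:AttributeValue></saml:Attribute>'
        for c in claims)
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
        f'<saml:NameID Format="{name_format}">alice@example.com</saml:NameID>'
        f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/>'
        f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
        f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>')

def lint_assertion(xml_text, acs_url=ACS_URL, entity_id=ENTITY_ID):
    """Return mismatches between an assertion and the service-provider values."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    elif "@" not in name_id.text:
        problems.append("NameID value is not an email address")
    audiences = [a.text for a in root.iterfind(".//saml:AudienceRestriction/saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not match Entity ID")
    recipients = [c.get("Recipient") for c in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient does not match ACS URL")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS) if v.text]
             for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)}
    if not attrs.get(CLAIMS + "emailaddress"):
        problems.append("required claim missing: emailaddress")
    for optional in ("givenname", "surname"):
        if not attrs.get(CLAIMS + optional):
            problems.append("recommended claim missing: " + optional)
    return problems

print(lint_assertion(sample_assertion()))
```

Feed it an assertion captured from a test login (for example, from a browser SAML tracer) to see which field the IdP is sending differently from what the portal expects.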
Provider setup
Google Workspace
Set this up in the Google Admin console at
admin.google.com as a super admin, not from
Gmail or a regular user account.
- Go to Apps → Web and mobile apps, then Add app → Add custom SAML app.
- Name the app (for example, Gecko) and click Continue.
- On Google Identity Provider details, copy the SSO URL and download the Certificate (or Download metadata). These are the IdP details you enter back in the SSO portal.
- On Service provider details, paste Gecko’s ACS URL and Entity ID from the SSO portal. Set Name ID format to EMAIL and Name ID to Basic Information > Primary email.
- On Attribute mapping, map First name and Last name to the given-name and surname claims above. Google has no single display-name field, so map the two separately; Gecko composes the name from them. (Primary email is already covered by the Name ID.) Click Finish.
- Open the app, click User access, and turn it On for everyone or the org units that should use Gecko.
Okta
In the Okta admin console: Applications → Create App Integration → SAML 2.0.
Enter Gecko’s ACS URL and Entity ID from the SSO portal, set the
Name ID and attributes, then assign users. The app’s Sign On tab exposes
the identity provider metadata URL you enter back in the portal.
Microsoft Entra ID
In the Entra admin center: Enterprise applications → New application → Create
your own application (non-gallery). Under Single sign-on → SAML, enter
Gecko’s ACS URL (Reply URL) and Entity ID from the SSO portal, configure
the claims, then assign users. The SAML Certificates section holds the
Federation Metadata XML you enter back in the portal.