Enterprise organizations can configure single sign-on (SSO) authentication and automated user provisioning through SAML and SCIM integrations. This enables centralized identity management, enhanced security, and streamlined user lifecycle management.

Overview

Dedicated Login Pages

Custom gumloop.com/org login portals for your organization

SAML Authentication

Enterprise SSO via Okta, Entra ID, Google AD, and more

SCIM Provisioning

Automated user provisioning and permission group sync

Dedicated SSO Login Pages

Enterprise customers can request a dedicated login page at gumloop.com/{your-org}. This provides a branded entry point for your organization’s users with configurable authentication options.
To request a custom login page, contact [email protected]. Delivery is typically within a few hours after SAML connection setup.

Available Authentication Methods

Organizations can choose which authentication providers to enable or restrict:
| Provider | Description | Recommendation |
| --- | --- | --- |
| SAML SSO | Enterprise identity providers (Okta, Entra ID, etc.) | Recommended for enterprise |
| Google SSO | Sign in with Google Workspace | Suitable for Google-based organizations |
| Microsoft SSO | Sign in with Microsoft 365 | Suitable for Microsoft-based organizations |
| Email/Password | Traditional username and password | Not recommended for enterprise |
Email/password authentication is not recommended for enterprise deployments. SAML or OAuth-based SSO provides stronger security controls and centralized identity management.

SAML Configuration

SAML (Security Assertion Markup Language) enables enterprise single sign-on through your organization’s identity provider.

Supported Identity Providers

Okta

Microsoft Entra ID

Google Workspace

JumpCloud

Ping Identity

Active Directory

Setting Up SAML

1. Access SSO Settings

Navigate to gumloop.com/settings/organization/sso
SAML & SCIM settings require organization admin privileges and an enterprise subscription.

2. Generate Setup Link

Click Generate Setup Link to create a SAML connection configuration. This generates the SP (Service Provider) details needed for your identity provider.

3. Configure Your Identity Provider

Use the generated details to configure a SAML application in your IdP. For step-by-step instructions, see the guides for your provider:

4. Request Custom Login Page

After completing SAML setup, contact [email protected] to request your dedicated login page at gumloop.com/{your-org}.

SP-Initiated vs IdP-Initiated Login

Gumloop supports SP-initiated login only. This means users must start their login flow from Gumloop (the Service Provider) rather than from your identity provider’s app dashboard.
SP-Initiated Flow:
  1. User navigates to gumloop.com/{your-org}
  2. Clicks the SSO login button
  3. Redirects to your IdP for authentication
  4. Upon successful auth, returns to Gumloop with a valid session
This approach ensures Gumloop controls the full authentication handshake, including session token generation and storage.
For more technical details on SP vs IdP-initiated SSO, see SSOReady’s guide.
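
What an SP-initiated-only flow lets a service provider enforce, shown as an added example (not Gumloop's code): every SAML response must answer an AuthnRequest ID the SP issued, exactly once. The class and function names and the sample message are assumptions made for illustration.

```python
import secrets
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

class PendingRequests:
    """AuthnRequest IDs this SP issued and has not yet seen answered."""

    def __init__(self):
        self._ids = set()

    def issue(self):
        # Called when the user clicks the SSO button; the ID goes into the
        # AuthnRequest. xs:ID values cannot start with a digit, hence "_".
        request_id = "_" + secrets.token_hex(16)
        self._ids.add(request_id)
        return request_id

    def consume(self, request_id):
        # One-time use: a replayed response finds nothing left to match.
        if request_id in self._ids:
            self._ids.remove(request_id)
            return True
        return False

def classify_response(response_xml, pending):
    """Return 'sp-initiated', 'unsolicited' or 'unknown-request'.

    Signature, issuer and time-window validation are out of scope here and
    belong to a maintained SAML library.
    """
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a samlp:Response")
    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        return "unsolicited"  # IdP-initiated: nothing ties it to a request
    if pending.consume(in_response_to):
        return "sp-initiated"
    return "unknown-request"  # ID never issued, or already used

def make_response(in_response_to=None):
    # Constructed, unsigned sample message for the demonstration only.
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0"{attr}/>'
```

Only the first outcome should lead to a session; a response started from an IdP dashboard tile arrives without InResponseTo and falls into the second.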

SAML Best Practices

Use SP-Initiated Login

Configure IdP tiles to redirect to your Gumloop login page rather than using IdP-initiated flows

Disable IdP-Initiated

Prevent IdP-initiated logins in your IdP settings to avoid session handling issues

Test Before Rollout

Verify the SAML connection with test users before enabling for your entire organization

Document for Users

Provide clear instructions to users on how to access Gumloop via your organization’s login page

SAML vs SCIM: User Provisioning

Just-In-Time (JIT) Provisioning

With SAML alone, users are provisioned when they first log in:
  • User authenticates via SAML for the first time
  • Gumloop automatically creates their account on successful auth
  • No pre-provisioning or advance user management
Best for: Organizations that don’t need advance user visibility or automated deprovisioning.

SCIM Provisioning

SCIM (System for Cross-domain Identity Management) enables automated user provisioning, deprovisioning, and permission group synchronization between your identity provider and Gumloop.
SCIM is an add-on feature. Contact [email protected] to request SCIM enablement for your organization. The team will evaluate your use case to determine if SCIM is the right solution for your needs.

What SCIM Provides

When users are assigned to the Gumloop application in your IdP, they are automatically provisioned in Gumloop. Users appear in your organization’s member list and can be viewed before they first log in (pre-provisioning).
When users are removed from the Gumloop application in your IdP, they are automatically deprovisioned—removing their access and freeing up seats.
IdP groups can be mapped to Gumloop permission groups, enabling centralized access control management.
This is group-based synchronization, not role-based access control (RBAC). Permissions are managed through Gumloop’s permission group system.

Setting Up SCIM

1. Request SCIM Enablement

Contact [email protected] to have SCIM enabled for your organization. The team will evaluate your use case to ensure SCIM is the right solution.

2. Generate SCIM Credentials

Once enabled, navigate to gumloop.com/settings/organization/sso and use Generate Setup Link to create SCIM directory credentials.

3. Configure Your Identity Provider

Set up SCIM provisioning in your IdP using the base URL and bearer token from Gumloop. See provider-specific guides:
SCIM is currently supported for Okta and Microsoft Entra ID only.

4. Create Permission Group Mappings

Before enabling sync, create matching permission groups in both your IdP and Gumloop. Map IdP groups to Gumloop permission groups in the SSO settings.
Critical: If no permission group mappings are configured, all synced members will be placed in the default group. Always set up group mappings before your first sync.

5. Enable Directory Sync

Select your SCIM directory on the /sso page and enable synchronization. You can trigger manual syncs or configure automated periodic syncs.

Permission Group Mapping

Permission groups in your IdP are mapped to permission groups in Gumloop. When users are synced, they inherit the permissions of their mapped group.
Important considerations:
  • If no group mappings exist, all synced members join the default group
  • Create groups in your IdP first, then map them to Gumloop groups
  • Group names don’t need to match exactly—you define the mapping

Sync Operations

| Trigger | Description |
| --- | --- |
| Scheduled | Automatic periodic sync (configurable frequency) |
| Manual | On-demand sync triggered by organization admin |

Pre-Provisioned Users

Users assigned to Gumloop in your IdP are visible in your organization’s member list before they log in for the first time. This enables:
  • Advance seat planning
  • Pre-assigning users to workspaces
  • Visibility into pending onboarding
Pre-provisioned users don’t consume active seats until they complete their first login.

SCIM Best Practices

Create Groups First

Set up permission groups in both your IdP and Gumloop before enabling sync to avoid all users landing in the default group

Define Group Priority

Establish an ordered priority for permission groups to handle users in multiple IdP groups

Test with Pilot Group

Enable SCIM for a small test group before rolling out to the entire organization

Monitor Audit Logs

Review SCIM-related audit events to verify provisioning is working as expected
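
A dry run of the group mapping and group priority advice above, as an added example (not Gumloop's code) to run against an IdP export before the first sync. It assumes the highest-priority mapped group wins and that the fallback group is called "default"; users, group names and mappings are constructed.

```python
DEFAULT_GROUP = "default"  # assumed name of the fallback group

# Constructed sample data: IdP group membership per user.
USERS = {
    "ana@example.com": ["gumloop-admins", "gumloop-builders"],
    "ben@example.com": ["gumloop-builders"],
    "cy@example.com": ["contractors"],
}
MAPPING = {"gumloop-admins": "Admins", "gumloop-builders": "Builders"}
PRIORITY = ["Admins", "Builders"]  # highest priority first


def resolve_group(idp_groups, mapping, priority):
    """Pick one permission group for a user who may be in several IdP groups."""
    mapped = {mapping[g] for g in idp_groups if g in mapping}
    for group in priority:
        if group in mapped:
            return group
    return DEFAULT_GROUP  # no mapping applied to this user


def presync_report(users, mapping, priority):
    """List what a sync would assign and what should be fixed first."""
    unmapped, defaulted, assignments = set(), [], {}
    for email, groups in users.items():
        unmapped.update(g for g in groups if g not in mapping)
        assignments[email] = resolve_group(groups, mapping, priority)
        if assignments[email] == DEFAULT_GROUP:
            defaulted.append(email)
    return {
        "assignments": assignments,
        "defaulted": sorted(defaulted),
        "unmapped_idp_groups": sorted(unmapped),
        # Mapped targets missing from the priority list never get selected.
        "unranked_groups": sorted(set(mapping.values()) - set(priority)),
    }
```

A non-empty "defaulted" or "unranked_groups" list is the signal to fix mappings before enabling directory sync.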

SCIM Audit Events

SCIM operations are tracked in your organization’s audit logs:
| Event | Description |
| --- | --- |
| SCIM_SYNC_STARTED | Directory sync operation initiated |
| SCIM_SYNC_COMPLETED | Sync completed with summary stats |
| SCIM_SYNC_FAILED | Sync failed with error details |
| SCIM_USER_PROVISIONED | New user provisioned via SCIM |
| SCIM_USER_DEPROVISIONED | User removed via SCIM |
| SCIM_USER_PERMISSION_GROUP_CHANGED | User’s group membership updated |
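
One way to review these events after each sync, as an added example (not Gumloop's code). The event names are the ones listed above; the page does not document an export format, so the JSON-lines layout, the field names (ts, event, sync_id, user, group) and the sample records are assumptions.

```python
import json
from collections import Counter

# Constructed sample export, one JSON record per line.
SAMPLE_LOG = """\
{"ts":"2025-01-10T02:00:00Z","event":"SCIM_SYNC_STARTED","sync_id":"s1"}
{"ts":"2025-01-10T02:00:04Z","event":"SCIM_USER_PROVISIONED","sync_id":"s1","user":"ana@example.com"}
{"ts":"2025-01-10T02:00:09Z","event":"SCIM_SYNC_COMPLETED","sync_id":"s1"}
{"ts":"2025-01-11T02:00:00Z","event":"SCIM_SYNC_STARTED","sync_id":"s2"}
{"ts":"2025-01-11T02:00:03Z","event":"SCIM_USER_DEPROVISIONED","sync_id":"s2","user":"ben@example.com"}
{"ts":"2025-01-11T02:00:03Z","event":"SCIM_USER_DEPROVISIONED","sync_id":"s2","user":"cy@example.com"}
{"ts":"2025-01-11T02:00:04Z","event":"SCIM_USER_PERMISSION_GROUP_CHANGED","sync_id":"s2","user":"dee@example.com","group":"default"}
{"ts":"2025-01-11T02:00:05Z","event":"SCIM_SYNC_FAILED","sync_id":"s2"}
{"ts":"2025-01-12T02:00:00Z","event":"SCIM_SYNC_STARTED","sync_id":"s3"}
"""


def review(log_text, max_deprovisions=1, default_group="default"):
    """Return findings as (kind, sync_id or user) tuples."""
    started, finished, removed, findings = [], set(), Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        event, sync_id = rec["event"], rec.get("sync_id")
        if event == "SCIM_SYNC_STARTED":
            started.append(sync_id)
        elif event == "SCIM_SYNC_COMPLETED":
            finished.add(sync_id)
        elif event == "SCIM_SYNC_FAILED":
            finished.add(sync_id)
            findings.append(("sync_failed", sync_id))
        elif event == "SCIM_USER_DEPROVISIONED":
            removed[sync_id] += 1
        elif (event == "SCIM_USER_PERMISSION_GROUP_CHANGED"
              and rec.get("group") == default_group):
            # Usually means a group mapping is missing for this user.
            findings.append(("moved_to_default", rec["user"]))
    # A burst of removals in one sync often points at an IdP assignment error.
    findings += [("mass_deprovision", s) for s, n in removed.items()
                 if n > max_deprovisions]
    findings += [("sync_never_finished", s) for s in started if s not in finished]
    return findings
```

Set max_deprovisions to a value that fits your normal offboarding volume.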

Security & Compliance

Gumloop’s SSO implementation follows industry security standards:

SOC 2 Type II

Certified compliance with SOC 2 Type II controls for security, availability, and confidentiality

SAML 2.0

Industry-standard SAML 2.0 protocol for secure assertion exchange

Encrypted Transit

All authentication traffic encrypted via TLS 1.3

Session Management

Configurable session timeouts and secure token handling
For detailed security information and certifications, visit trust.gumloop.com.


Need Help?