Last Update: June 2nd, 2025
This guide provides instructions for implementing SSO with our platform. For specific configuration details or troubleshooting assistance, please open a ticket with our Support team by emailing support@gryphon.zendesk.com.
Overview
Single Sign-On (SSO) with Gryphon AI utilizes a SAML 2.0-based authentication process, enabling users to authenticate through their organization’s identity provider (IdP). This ensures that only authorized users gain access and allows flexibility in user provisioning based on the Gryphon AI platform’s existing user base.
Supported SSO Providers
- Any identity provider that supports SAML 2.0
  - Examples include Okta, Azure AD, Entra ID, Google Workspace, etc.
- Gryphon AI does not use federated login buttons (e.g., “Log in with Google”), as authentication is initiated from the client’s IdP.
Technical Requirements
Client must provide:
- List of domains to be SSO-enabled
- SAML metadata file in text format (returning our metadata is also required)
- List of users (to determine user match vs. provisioning behavior)
- Selected user identifier (e.g., email, employee ID)
- Information about user provisioning behavior:
  - Auto-create users – New user accounts are created during login based on incoming SAML attributes.
    - Note: This requires a detailed mapping document outlining field names and logic for account creation. It increases implementation effort and requires additional testing.
  - Match existing users only – Access is granted only if the user already exists in Gryphon AI.
    - Note: This is a lower-effort option and typically results in faster implementation.
Implementation Process
Estimated timeline: 6–8 weeks but can vary by client.
Gryphon AI will provide:
- SAML metadata files for both Integration and Production environments
- Support throughout configuration, testing, and launch
Steps:
- Identify the platform, identifier, and data attributes to pass
- Exchange metadata files (Gryphon AI INT & Prod, Client’s SAML metadata)
- Client configures Gryphon AI as a SAML app in their IdP
- Test SSO in the Integration environment
- Repeat testing in Production
- Go live
Security Best Practices
- Use SSL/TLS for all SSO endpoints
- Rotate SAML certificates before expiration
- Monitor failed login attempts for potential misuse
- Configure proper session timeout values
FAQs
Can we whitelist SSO access by IP address?
No, Gryphon AI does not currently support IP whitelisting for SSO access.
Can we have a custom log-out page?
Gryphon AI is unable to create a custom log-out page, but we do provide a universal log-out page for all SSO customers.
Can attribute values contain spaces or special characters?
Yes. While attribute names (e.g., FirstName, LastName, Email) must not contain spaces, the values can include spaces and dashes. For example, a first name like “Mary Kate” or a last name like “Day-Lewis” can be sent as-is in the attribute value.
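A pre-flight check for the attribute rules above and for the two provisioning modes listed under Technical Requirements, as an added example that is not Gryphon AI's code. The function names, the sample statement and the example.com address are constructed for illustration, and signature validation of the assertion is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of an IdP's AttributeStatement (not real data). The last
# attribute name contains a space, which the FAQ above says is not allowed.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="FirstName"><saml:AttributeValue>Mary Kate</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="LastName"><saml:AttributeValue>Day-Lewis</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Email"><saml:AttributeValue>mk.daylewis@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Employee ID"><saml:AttributeValue>10442</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
"""


def lint_attributes(statement_xml, identifier="Email"):
    """Return (attributes, problems) for an AttributeStatement you exported
    from your own IdP test login; this is a lint, not signature validation."""
    root = ET.fromstring(statement_xml)
    attributes, problems = {}, []
    for attr in root.findall("saml:Attribute", NS):
        name = attr.get("Name", "")
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        if not name or any(ch.isspace() for ch in name):
            problems.append(f"attribute name {name!r} is empty or contains whitespace")
            continue
        if name in attributes:
            problems.append(f"attribute {name!r} appears more than once")
        attributes[name] = values  # values may contain spaces and dashes
    chosen = attributes.get(identifier, [])
    if len(chosen) != 1 or not chosen[0].strip():
        problems.append(f"identifier {identifier!r} needs exactly one non-empty value")
    return attributes, problems


def provisioning_decision(attributes, identifier, existing_users, auto_create):
    """Hypothetical model of the two provisioning modes in this guide."""
    chosen = attributes.get(identifier, [])
    if len(chosen) != 1 or not chosen[0].strip():
        return "deny"  # no usable identifier: neither match nor create
    if chosen[0] in existing_users:
        return "grant"
    return "create" if auto_create else "deny"


if __name__ == "__main__":
    attrs, problems = lint_attributes(SAMPLE_STATEMENT)
    print(problems)
    print(provisioning_decision(attrs, "Email", set(), auto_create=False))
```

Running it against a statement captured during Integration testing shows, before go-live, which attribute names would be rejected and whether the selected identifier arrives as exactly one value.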
How do we update our SAML certificate with Gryphon AI?
To update your SAML certificate, please submit a ticket to Gryphon AI Support (support@gryphon.zendesk.com). Our team will coordinate with engineering to complete the update.
What’s needed:
- The new Production certificate key (in text format)
- The date and time the update should occur
  - Note that updates can only be made during business hours
Best Practice: Please notify us at least 24 business hours in advance to ensure a smooth transition.
- Mon – Fri: 8 am – 6 pm ET
- Sat – Sun: 9 am – 5 pm ET