🔐 What is SSO?
Single Sign-On (SSO) allows your employees to sign in to GoodCompany using your organization's existing identity provider (IdP), such as:
- Microsoft Azure AD
- Okta
- Google Workspace
- ADFS
- Ping Identity
- Any SAML 2.0-compatible provider
With SSO enabled, users no longer need to manage separate login credentials for GoodCompany. ---
⚙️ Supported Protocols
We support the following protocols:
- SAML 2.0 (standard)
- OpenID Connect (OIDC) (upon request)
If you're not sure which one your system uses, we’ll help you confirm during setup. ---
🧩 How to Set Up SSO
- Contact Us: Email support@goodcompany.org or reach out to your Customer Success Manager to initiate setup.
-
Share Your IdP Details: Provide the following:
- SSO Login URL
- Entity ID / Issuer
- X.509 Certificate (base64)
- Attribute mapping (email, first_name, last_name)
- Test & Launch: We’ll configure a test environment and verify everything before enabling SSO for your users.
---
🔄 Just-in-Time (JIT) Provisioning
GoodCompany supports JIT provisioning. This means if a user does not yet exist in the platform, their account will be created automatically on first SSO login based on the attributes passed from your IdP. ---
🛠 Troubleshooting
| Issue | Resolution |
|---|---|
| ❌ “Unauthorized” error | Verify that the user’s email domain is correctly mapped to your company in GoodCompany. |
| 🔁 Login loop | Check the SSO certificate and entity ID configuration. |
| ⚠️ “Account not found” | Ensure JIT is enabled and email mapping matches your IdP. |
For further troubleshooting, please share:
- A HAR file of the login attempt
- The email of the affected user
- Timestamps and any relevant screenshots
---
🆘 Need Help?
We're here to help. Reach out to [support@goodcompany.org](mailto:support@goodcompany.org) or your Customer Success Manager.