Setup process

  • Configure SSO on your end using parameters from the instructions below
  • Provide the following inputs:
    • Client’s XML metadata file
    • The domain(s) of the emails
    • Nameid policy -- required for correct authorization on the service provider side
    • Names of the attributes as specified in your IDP for first name, last name, email, and phone (optional)
  • Once shared, we will configure the SSO on our side
  • Test the connection

General SSO application configuration

Requested informationInformation
Preferred Single Sign-On (SSO) ProfilesIDP-initiated SSO -- via Identity Provider
SP-Initiated SSO -- via Service Provider
Vendor entity unique IDhttps://global-auth.gett.com
SCIM support (System for Cross-domain SSO)No
Supports automatic MetaData Exchange?No, we require a manual exchange
Separate NON-PROD and PROD environments?No
Dynamic User Provisioning Required?Yes, please follow the SAML response standards
Base vendor URL (Audience)https://global-auth.gett.com
Endpoint URLsAssertion Consumer Service (Login) URL:
https://business.gett.com/saml/acs/dc5a44f2-8637-11eb-a9c3-06cceb650d19.4b721266-8638-11eb-a9c4-06cceb650d19

Single Logout URL:
https://business.gett.com/saml/slo/dc5a44f2-8637-11eb-a9c3-06cceb650d19.4b721266-8638-11eb-a9c4-06cceb650d19
Preferred SAML BindingPOST

Assertion Configuration

Attribute (Claim) nameRequiredSAML IDP request response example
First NameYes<saml:Attribute Name="FirstName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:anyType">FirstName
</saml:AttributeValue>
</saml:Attribute>
Last NameYes<saml:Attribute Name="LastName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:anyType">LastName
</saml:AttributeValue>
</saml:Attribute>
EmailYes<saml:Attribute Name="Email"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:anyType">[email protected]
</saml:AttributeValue>
</saml:Attribute>
PhoneNo<saml:Attribute Name="PhoneNumber"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:anyType">972500033333
</saml:AttributeValue>
</saml:Attribute>
  • KeyInfo must be included in the assertion
  • Email is a primary identifier for all users