Single Sign-On (SSO)
GIRITON allows users to log in using a username and password, and also offers logging in via Single Sign-On. If your company uses SSO, there is no need to create separate usernames and passwords for users in GIRITON. In a single corporate account, you can have users who exclusively log in via SSO, users who exclusively log in using a username and password, and users who can log in either via SSO or a username and password.
To choose which users can log in via SSO, activate the SSO Login Enabled checkbox on the Web Application Account tab in the Human Resources agenda.
When logging in to GIRITON via SSO, the user's login from SSO is compared to the login in GIRITON. For example, suppose your SSO login is "vas@login.com". In that case, you need to have the same login filled in GIRITON in the Human Resources agenda on the Web Application Account tab (you do not need to fill in a password if the user is only logging in via SSO).
Microsoft Entra ID (formerly AzureAD, Azure Active Directory)
In the Azure portal, select the Entra ID account. You will need the following information from it: Directory (Tenant) ID, Application (client) ID, and App secret. In the Azure portal, you can generate these details by following these steps. When filling in the "Redirect URI", provide the web address of your attendance account (in the format "https://yourcompany.giriton.com"), including "https://" at the beginning.
Log in to the GIRITON web application as a user with Administrator permissions. Go to User Menu > Settings and switch to the SSO Login tab in the dialog. Fill in all the values from Entra ID as mentioned above and save the changes. This activates the option to log in to GIRITON via SSO. A "Log in with Microsoft Azure AD" button will be added to the GIRITON login dialog.
Okta
In the Okta administration console, go to Applications > Create App Integration > OIDC - OpenID Connect > Web Application. Fill in the following options:
- App integration name: GIRITON SSO
- Grant type: Authorization Code, Refresh Token
- Sign-in redirect URIs: fill in the web address of your attendance account (in the format "https://yourcompany.giriton.com"), including "https://" at the beginning.
- Sign-out redirect URIs: fill in the web address of your attendance account (in the format "https://yourcompany.giriton.com"), including "https://" at the beginning.
- Assignments: Controlled access: set as needed
Save changes.
Subsequently, you will need the following data from the newly created Okta Application:
- Client ID (something like 1pdb2iqetsRn46OaW789)
- Client Secret (appears after clicking the "eye" icon)
- Client URL (something like trial-7366426.okta.com, or another domain of yours from Okta)
Log in to the GIRITON web application as a user with Administrator rights. Go to User Menu > Settings and switch to the SSO Login tab in the dialog. Fill in all the values from Okta (see above) and save the changes. This activates the option to log in to GIRITON via SSO. A "Log in via Okta" button will be added to the GIRITON login dialog.
Google SSO
We offer two options for SSO login via Google accounts: "Google" and "Google Workspace".
Google
Select this option if you want to allow SSO login for any user whose email is registered with Google (whether as Google freemail xxx@gmail.com, or as a Google account on Google Workspace). This option is usually selected if you do not have a corporate Google Workspace account in which all your users (who should have SSO active) have an account.
With this option, you do not need to fill in anything else.
Google Workspace
Select this option if you have a corporate Google Workspace account in which all your users (who should have SSO active) have an account.
With this option, you need to fill in your "OAuth Client ID" and "Client Secret".
- You can get this information after logging into the Google Cloud console (as an administrative user) at https://console.cloud.google.com/auth/clients
- Set up a new OAuth configuration according to https://support.google.com/cloud/answer/10311615
- When selecting "User type", select "Internal" so that only users of your own Google Workspace account can log in.
- In the Clients section, add a new Client of the "Web application" type and name it, for example, "Giriton SSO login".
- In the "Authorized redirect URIs" section, add "https://yourcompany.giriton.com", or the address at which you log in to your GIRITON account.
- Save the new Client.
- For the newly added Client, click on the "pencil" icon (Edit OAuth Client).
- In the new window, copy the "Client ID" and "Client secret" into the GIRITON application.