Custom Single Sign-On (SSO) lets your users authenticate to Gatling Enterprise Edition using your organization’s existing identity provider instead of Gatling-managed credentials. Once configured, users navigate to the Gatling Enterprise login page, click your organization’s SSO option, and are redirected through your identity provider’s standard authentication flow. This simplifies user lifecycle management—account creation, deactivation, and MFA enforcement are all handled by your IdP.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/gatling/gatling.io-doc/llms.txt
Use this file to discover all available pages before exploring further.
Custom SSO is only available on the Gatling Enterprise enterprise plan and must be configured with assistance from the Gatling support team. Open a ticket via the support portal before starting any configuration on your identity provider.
Currently, Gatling Enterprise only supports SSO systems that are accessible on the public internet. On-premises identity providers that are not publicly reachable are not supported.
Before you start
If your organization already has users on Gatling Enterprise, switching to SSO requires re-inviting all users—their accounts are linked to your new SSO after they accept the re-invitation. Your existing data (teams, tests, reports, API tokens) is not affected by the SSO configuration.Information required by Gatling support
Provide the following to the support team when opening a ticket:- Organization name and slug — visible in Organization Settings
- SSO-specific configuration — see the relevant section below for your identity provider
- A user to designate as the initial global administrator — this user will sign in first after SSO is enabled to bootstrap the re-invitation process
Supported protocols
- OpenID Connect (OIDC)
- SAML v2.0
- Google
- GitHub
- GitLab
OIDC v1.0 is the recommended protocol. Most modern identity providers support it. Your IdP typically publishes its metadata at a well-known URL:Information Gatling needs from you:For example, if your organization slug is
- OIDC metadata URL
- Client authentication method (client secret as POST, Basic Auth, or JWT)
- Client ID and client secret
acme-corp:Azure Active Directory (Azure AD) via OIDC
- In Azure AD, create an App Registration for Gatling Enterprise Edition
- Configure which accounts are permitted to connect (e.g., accounts in your tenant only)
- Locate the metadata URL: Overview → Endpoints → OpenID Connect metadata document
- Generate a client secret: Certificates & secrets → Client secrets → New client secret
- Configure the redirect URI: Overview → Add a redirect URI
- Send Gatling support the metadata URL, client ID, and client secret
Okta via OIDC
- In Okta, create a new App Integration with sign-in method OIDC and application type Web Application
- Copy the client ID, client secret, and Okta domain (the metadata URL derives from the domain)
- Configure the redirect URI in the app integration settings
- Send Gatling support the metadata URL, client ID, and client secret
SSO group mapping
SSO group mapping lets you automatically assign Gatling Enterprise roles based on a user’s group memberships in your identity provider. This eliminates the need to manually manage role assignments whenever your team structure changes.SSO group mapping is only available with the OIDC protocol.
Configuring the IdP
Add agatling-groups claim to your OIDC token that returns the complete list of groups to map. You can attach this claim to the standard openid scope—no custom scope is required.
Defining group mappings via API
Use the Gatling Enterprise Public API to define how SSO groups map to roles. Three mapping patterns are supported:When a user belongs to multiple SSO groups, they receive the highest level of access from all applicable mappings.