Skip to main content

SSO Authentication

SSO authentication is the default authentication method for the Glean Web SDK. When users interact with Glean components, they see a login button that opens your organization's SSO authentication flow in a popup window. This approach is ideal for enterprise deployments where users already have Glean accounts.

How It Works

The SSO authentication flow follows these steps:

  1. User Interaction: User clicks on a Glean component (search box, chat, etc.)
  2. Login Prompt: If not authenticated, user sees a login button
  3. SSO Flow: Clicking the login button opens an SSO authentication popup
  4. Email Entry: User enters their work email address
  5. SSO Redirect: User is redirected to your organization's SSO provider
  6. Authentication Complete: After successful SSO login, the popup closes and the user can access Glean

Installation & Setup

1

Install the Web SDK

npm install @gleanwork/web-sdk

Import in your application:

import GleanWebSDK from '@gleanwork/web-sdk';
2

Render a Component

SSO authentication is the default - no auth configuration is required:

GleanWebSDK.renderSearchBox(document.getElementById('search-container'), {
  backend: 'https://{your}-be.glean.com/'
});

Optimizing the Authentication Flow

Skip Email Entry

You can bypass the email entry step by providing the backend parameter (shown in examples above). This routes users directly to your SSO provider:

{
  backend: 'https://{your}-be.glean.com/'  // Skip email entry
}

When the backend is specified, the authentication flow becomes:

  1. User clicks login button
  2. Immediately redirected to SSO provider (no email entry)
  3. Complete SSO authentication
  4. Access Glean

When to Use SSO Authentication

SSO authentication is ideal when:

  • Users Have Glean Accounts: Your audience consists of employees or members provisioned in your Glean instance
  • Enterprise Deployments: You're building internal applications, intranets, or employee-facing tools
  • SSO Compliance Required: Your security policies require users to authenticate through your SSO provider
  • Third-Party Cookies Enabled: Users' browsers allow third-party cookies (see warning below)

Prerequisites

Before implementing SSO authentication:

  • ☑️ Users are provisioned in your Glean instance with active accounts
  • ☑️ SSO is configured for your Glean deployment
  • ☑️ Backend URL is known - your Glean backend domain (format: {company}-be.glean.com)

Complete React Example

Here's a full example using React:

import { useEffect, useRef } from 'react';
import GleanWebSDK from '@gleanwork/web-sdk';

function SearchComponent() {
  const searchRef = useRef<HTMLDivElement>(null);

  useEffect(() => {
    if (!searchRef.current) return;

    // Render search box with SSO auth (default)
    GleanWebSDK.renderSearchBox(searchRef.current, {
      backend: 'https://your-company-be.glean.com/',
      searchBoxCustomizations: {
        placeholderText: 'Search your company...'
      }
    });
  }, []);

  return <div ref={searchRef} />;
}

export default SearchComponent;
warning

SSO authentication relies on browser cookies. When third-party cookies are blocked, users will be prompted to enable Glean's access. To avoid user prompts, implement server-to-server (i.e. token-based) authentication instead.

See Third-Party Cookie Management for details.

Troubleshooting

Users see login prompt repeatedly:

  • Check that third-party cookies are enabled in the browser
  • Verify your Glean backend URL is correct
  • Consider implementing Server-to-Server Authentication for better cross-browser compatibility

Login popup doesn't close:

  • Ensure popup blockers are disabled for your domain
  • Verify SSO configuration in your Glean admin panel
  • Check browser console for error messages

Users see "Unauthorized" errors:

  • Confirm users are provisioned in your Glean instance
  • Verify SSO is configured correctly
  • Check that the backend URL matches your deployment