Gremlin User Management¶
A Company is the top-level organizational unit in Gremlin. All resources including Clients, Users, and Templates are associated with a Company. Gremlin Users can belong to multiple Companies. You can switch between your Companies using the drop down in the top right.
Clients authenticate by providing the Company ID and secret. Contact your SUPER user for the secret key.
Visit Company Settings to see what Companies you belong to, to enable auto SSO invitation, and/or to reset your Company secret.
Users can be added and removed from Gremlin Users. If your Company uses Google Single-Sign on, you can configure your Company Settings to allow anyone within your organization to sign in with their email.
Two Factor Authentication (MFA)¶
Users can enable a second authentication factor for password based logins in Gremlin Settings under the Authentication tab. Currently, Time-based Token (Time-based One Time Passwords, TOTP) MFA is supported. An example of a compatible authenticator is the Google Authenticator, available on the Apple App Store and Google Play. Enabling and disabling MFA requires authentication.
Super users can require (force) MFA use for their users across their entire company. When force MFA is enabled all users who authenticate without MFA will be supplied with a secret key and QR barcode to setup their authenticator. Super users also have the ability to disable MFA for individual users within their company, useful in cases where a user loses their authenticator.
Companies who host their own SAML compatible Identity Provider (IDP) can utilize SAML sign-on for their users to authenticate with Gremlin. SAML provides your organization complete control over the users authentication process and experience. When using SAML, authentication requests are forwarded to your IDP, which performs authentication as your company specifies. Once a user is authenticated their details, such as their email address, are securely delivered to Gremlin and the user is granted access.
SAML configuration can be performed by super users in Gremlin Settings on the Authentication tab.
In order to configure your IDP for SAML please use our Service Provider (SP) metadata, available with the following command (replace
curl https://api.gremlin.com/v1/users/auth/saml/metadata?corpName=<COMPANY NAME>