User Management and Authentication

This page describes how to manage human users, who authenticate via the Gremlin UI. To read about how Gremlin clients authenticate to the Gremlin API, see Client Authentication.

Company

The Company is the top-level organizational unit in your Gremlin account. All other resources—including Clients, Users, and Templates—belong to a Company, and Users can belong to multiple Companies. You can switch between your Companies using the dropdown in the top right.

Visit Company Settings to see what Companies you belong to, to enable auto SSO invitation, and/or to reset your Team Secret.

Users

Users can be added and removed from Gremlin Users. If your Company uses Google Single-Sign on, you can configure your Company Settings to allow anyone within your organization to sign in with their email.

Two Factor Authentication (MFA)

Users can enable a second authentication factor for password based logins in Gremlin Settings under the Authentication tab. Currently, Time-based Token (Time-based One Time Passwords, TOTP) MFA is supported. An example of a compatible authenticator is the Google Authenticator, available on the Apple App Store and Google Play. Enabling and disabling MFA requires authentication.

Super users can require (force) MFA use for their users across their entire company. When force MFA is enabled all users who authenticate without MFA will be supplied with a secret key and QR barcode to setup their authenticator. Super users also have the ability to disable MFA for individual users within their company, useful in cases where a user loses their authenticator.

SAML SSO

Companies who host their own SAML compatible Identity Provider (IDP) can utilize SAML sign-on for their users to authenticate with Gremlin. SAML provides your organization complete control over the users authentication process and experience. When using SAML, authentication requests are forwarded to your IDP, which performs authentication as your company specifies. Once a user is authenticated their details, such as their email address, are securely delivered to Gremlin and the user is granted access.

SAML configuration can be performed by super users in Gremlin Settings on the Authentication tab.

In order to configure your IDP for SAML please use our Service Provider (SP) metadata, available with the following command (replace with your company name):

curl https://api.gremlin.com/v1/users/auth/saml/metadata?companyName=<COMPANY NAME>