Grammarly - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Grammarly using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization
To set up Multi-Pass with Grammarly, ensure you meet the following requirements:
- Grammarly Business, Grammarly Pro, or Grammarly for Education account with the admin role or a designated custom role
- MPAS Admin rights
- Make sure that all users intended to use SSO in Grammarly are registered in your IdP and have the necessary permissions to access Grammarly.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Grammarly - SSO configuration
Step - 1 Configuring SAML SSO in Grammarly (Service Provider)
To enable SAML SSO in Grammarly using Multi-Pass as your Identity Provider (IdP), follow these steps from your Grammarly Admin Dashboard:
- Go to your Admin Dashboard.
- Click on your account and select the Authentication tab.
- Enable the SAML-based SSO option.
- Complete the required fields with the following information:
| Field | Value |
|---|---|
| IdP Entity ID | https://ca.auth.kzero.com/realms/<TENANT_NAME> |
| SSO Login URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml |
| x.509 Certificate | Found in Multi-Pass > Realm Settings > RS256 > Certificate |
Grammarly also provides an optional method to download or copy metadata for easier configuration.
| Field | Value |
|---|---|
| Entity ID (SP) | https://sso.grammarly.com/saml/metadata |
| ACS URL (Reply URL) | https://grammarly.com/sso/acs |
Step 2 - Configuring Multi-Pass (Identity Provider)
To configure Multi-Pass as the Identity Provider for Grammarly:
- Select your tenant.
- Go to Integrations > Applications.
- Under the SAML tab, start a new configuration with the following values:
| Field | Value |
|---|---|
| Audience URI / SP Entity ID / Issuer | https://sso.grammarly.com/saml/metadata |
| Single Sign-On URL | https://sso.grammarly.com/saml/assertion |
| Name ID Format | EmailAddress |
- Click Add Integration, then go to the Advanced Console.
- In Clients, search for Grammarly and verify the following:
| Field | Value |
|---|---|
| Client ID | https://grammarly.com |
| Name | grammarly |
| Description | SSO integration |
| Always Display in UI | ON |
Access Settings
| Field | Value |
|---|---|
| Home URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/grammarly |
| Valid Redirect URIs | https://grammarly.com/sso/acs |
| IDP-Initiated SSO URL Name | grammarly |
SAML Capabilities
| Setting | Value |
|---|---|
| Name ID Format | |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
- Move to the Keys tab and make sure that both parameters are switch to OFF
- Then move to the advanced settings and verify :
- Assertion Consumer Service POST Binding URL = Valid Redirect URIs =
https://grammarly.com/sso/acs
Attribute Mapping
In the Client Scopes section, add the following mappers:
Email
| Field | Value |
|---|---|
| Mapper Type | User Attribute |
| Name | EmailAddress |
| User Attribute | |
| Friendly Name | EmailAddress |
| SAML Attribute Name | EmailAddress |
First Name
| Field | Value |
|---|---|
| Mapper Type | User Attribute |
| Name | FirstName |
| User Attribute | firstName |
| Friendly Name | FirstName |
| SAML Attribute Name | FirstName |
Last Name
| Field | Value |
|---|---|
| Mapper Type | User Attribute |
| Name | LastName |
| User Attribute | lastName |
| Friendly Name | LastName |
| SAML Attribute Name | LastName |
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Rocket.chat - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Rocket.chat using MPAS. SSO simplifies user authentication by allowing access to multiple ...Wrike - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Wrike using MPAS. SSO simplifies user authentication by allowing access to multiple ...ConnectWise - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for ConnectWise using MPAS. SSO simplifies user authentication by allowing access to multiple ...SuperOps - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for SuperOps using MPAS. SSO simplifies user authentication by allowing access to multiple ...