Purpose
ChatGPT offers single sign-on via a SAML integration with Practice Protect. This provides a seamless login experience to the ChatGPT platform including the mobile application.
Once SSO is enabled and enforced, users will no longer be able to sign in using other login methods (e.g., Google, Microsoft, Apple) for any account associated with the registered business domain in ChatGPT.
For users currently using non-business email addresses (e.g., personal Gmail accounts) or accounts not part of the ChatGPT Workspace, SSO will not apply to those accounts, and chat history will not carry over. In such cases, users must:
- Create a new ChatGPT account using their business email that matches their Practice Protect login.
- Manually migrate important chat history by exporting it from the old account and saving it for reference.
Prerequisites
- Requires Business, Enterprise, or Edu ChatGPT Workspace. Please note that the Teams plan does not support SCIM provisioning.
- Practice Protect Account with Admin Access
- The username or email address of each associated ChatGPT account must match the login name used in Practice Protect to ensure successful SSO authentication.
Instructions
Verify Domain
To use the Single Sign On feature, your domain must be added and verified.
- Log in to ChatGPT Workspace using an Admin Account.
- Click on your Profile and choose Workspace Settings.

- In the left navigation menu, select Identity & Provisioning and click on + Add Domain button.

- Enter your domain and hit Submit.

- Once submitted, ChatGPT will provide a TXT record to verify ownership of your domain. Please contact the person (IT or Web Developer) who manages your DNS and have them add the provided TXT record.

- After adding the TXT record in your DNS provider, return to the setup page and click the Check button. If your domain ownership is successfully validated, the status will update to Verified.

NOTE: You can add up to 99 verified domains per organization ID, and you have a 7-day period to complete the verification before the domain is marked as expired. Currently, each domain can only be verified on a single organization or workspace. If you encounter an error stating that the domain is already in use, please contact ChatGPT Support.
- After your domain is successfully verified, you can continue the SSO setup by configuring the SAML app in Practice Protect.
Setup & Enable Single Sign-On
- To get started, go to Identity & Provisioning in ChatGPT and click the “+ Set up SSO” button.

- Next, select CyberArk SAML as the Identity Provider on the selection page.

- Next, sign in to Practice Protect and switch to the Admin Portal. It’s recommended to open a new tab for this while keeping the ChatGPT SSO configuration page open, so you can work through both setups simultaneously.
- Follow the instructions to navigate to Apps & Widgets > Web Apps, then click Add Web Apps.

- Select the Custom tab, then click Add next to SAML.

- Click Yes.

- Set the Name of the app to ChatGPT SSO and click Save.
- Return to the ChatGPT SSO page and copy both the SP Entity ID and Assertion Consumer Service (ACS) values. These will be configured in Practice Protect.

- Next, return to Practice Protect, navigate to the Trust tab, scroll down to the Service Provider Configuration section, and select Manual Configuration.
- Paste the copied SP Entity ID and ACS URL into the corresponding fields in the Service Provider Configuration.
- For Sign Response or Assertion?, select Both.

- Click Save.
- Return to the ChatGPT Workspace SSO Settings page, scroll to the bottom, and click Continue. This completes the first step of the ChatGPT SSO setup – Create a SAML app. We will now proceed with Configure SAML Attributes.

- Return to the ChatGPT SSO app in Practice Protect, then navigate to the SAML Response tab.
- In the Attributes section, click Add.

- Add each attribute by entering the Name along with its corresponding Attribute Value:
  - id – LoginUser.Uuid
  - email – LoginUser.Email
  - firstName – LoginUser.FirstName
  - lastName – LoginUser.LastName
- Click Save.

- Once saved, return to the ChatGPT Workspace SSO Settings (Configure SAML Attributes) page and click Continue. This completes the second step of the ChatGPT SSO setup. Next, Add Users to the SAML App.

- In Practice Protect Admin Portal, go to Core Services, click Roles > Add Roles. Create a role and set the name field to ChatGPT SSO Users. Then Save.

- Within the created role, click on Members > Add. Add each user that should have access to the ChatGPT Workspace application, then Save.

- Proceed to Apps & Widgets > Web Apps and open ChatGPT SSO app.

- Go to Permissions. Click Add.

- Add the role you created earlier (e.g. ChatGPT SSO Users) and click Add then Save.

- Return to the ChatGPT Workspace SSO Settings (Add Users to the SAML App) page and click Continue. This completes the third step of the ChatGPT SSO setup. Next, Set Identity Provider Metadata.

- On the same page, ensure it is set to Dynamic Configuration rather than Manual Configuration. By default, this is already set to Dynamic Configuration.

- Revisit the ChatGPT SSO app in Practice Protect and navigate to the Trust tab.
- In the Identity Provider Configuration section, select Metadata and copy the Metadata URL.

- Go back to the ChatGPT Workspace SSO setup (Set Identity Provider Metadata), and paste the URL you copied into the Identity Provider Metadata URL field.
- Click Continue. This completes the fourth step of the ChatGPT SSO setup. Next, Configure Application Link.

- When creating the application link, select Static Relay State and copy the provided Static Relay State URL.

- Download the official ChatGPT logo. We will use this for the SSO app in Practice Protect.

- Navigate back to the ChatGPT SSO app in Practice Protect and go to Settings.
- Click Browse to upload the logo you just downloaded, then click Save.

- Proceed to the Trust tab, scroll down, and go to Service Provider Configuration.
- Under Manual Configuration, paste the Static Relay State URL you copied from Step 30 into the Relay State field.

- Hit Save.
- Once done, return to Configure Application Link in ChatGPT Workspace and click Continue. This completes the fifth step of the ChatGPT SSO setup. Next, Test Single Sign-On.

- Once all configurations are set, click Continue to sign in.

- This will redirect you to Practice Protect to sign in. The user must use their Practice Protect credentials to verify the connection and complete the testing. This is the final step required to complete the SSO setup.

- Once successful, a message stating “Test was successful” will appear. Close the page and navigate back to the SSO configuration in ChatGPT.

- SSO is now enabled. Users can still sign in using their regular credentials. To enforce SSO, proceed with the next steps.
- It is recommended to test SSO with the remaining users to ensure it works for them. They can also access the ChatGPT SSO app in Practice Protect.
- Switch on Enforce SSO Login. Note that this will prevent users from signing in through their social accounts.

- SSO is now enabled and enforced.

- This ends the SSO configuration.
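
The attribute mapping (id, email, firstName, lastName) and the "Both" signing setting configured above can be checked against a SAML response captured during the Test Single Sign-On step. The following Python check is an added example, not part of Practice Protect's or ChatGPT's tooling; the function names and the sample response are constructed for illustration, and it inspects structure only (signatures are located, not cryptographically verified).

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED = {"id", "email", "firstName", "lastName"}  # names from the attribute step

def audit_response(xml_text, expected_login):
    """Return findings for a locally captured test response; [] means it matches.
    Structural check only: signatures are located, not cryptographically verified."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element"]
    findings = []
    # "Sign Response or Assertion? Both" -> ds:Signature directly under each element.
    if root.find("ds:Signature", NS) is None:
        findings.append("Response is not signed")
    if assertion.find("ds:Signature", NS) is None:
        findings.append("Assertion is not signed")
    attrs = {}
    for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        v = a.find("saml:AttributeValue", NS)
        attrs[a.get("Name")] = (v.text or "").strip() if v is not None else ""
    for name in sorted(REQUIRED):
        if name not in attrs:
            findings.append(f"missing attribute: {name}")
        elif not attrs[name]:
            findings.append(f"empty attribute: {name}")
    # The email must equal the Practice Protect login name (see Prerequisites).
    if attrs.get("email") and attrs["email"].lower() != expected_login.lower():
        findings.append("email does not match Practice Protect login name")
    return findings

def sample(sign_resp=True, sign_asrt=True, attrs=None):
    """Constructed response: placeholder values and empty signature stubs."""
    if attrs is None:
        attrs = {"id": "constructed-uuid-0001", "email": "alex@example.com",
                 "firstName": "Alex", "lastName": "Doe"}
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
    rows = "".join(f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
                   '</saml:AttributeValue></saml:Attribute>' for k, v in attrs.items())
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f'{sig if sign_resp else ""}<saml:Assertion>{sig if sign_asrt else ""}'
            f'<saml:AttributeStatement>{rows}</saml:AttributeStatement>'
            '</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(audit_response(sample(sign_asrt=False), "alex@example.com"))
```

An empty result means the captured response carries all four attributes, both signature elements, and an email that matches the user's Practice Protect login name.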