2025.12.00

Gangmates Release Notes: v2025.12.00

Release Date: December 1, 2025 Environment: Prod Version: 2025.12.00

🎯 Release Overview

Gangmates now supports SSO + Full Lifecycle Provisioning (Create, Update, Suspend/Reactivate) with leading IdPs (Okta, Microsoft Entra, Auth0). This delivers zero-touch onboarding, instant offboarding, and always-in-sync profiles, reducing IT tickets and tightening compliance.

🚀 Detailed Release Notes

Highlights

  • Single Sign-On (OIDC): Centralized, secure sign-in using your corporate IdP.

  • Auto-Provisioning (GA): Users are created on first assignment from the IdP, with profile, roles, and company context set automatically.

  • Continuous Updates: Name, email, title, and group/role changes flow from IdP to Gangmates in near-real time.

  • Suspend/Reactivate: Disabling a user in the IdP immediately blocks Gangmates access; reactivation restores it—no manual steps.

Admin & IT Benefits

  • Zero-touch onboarding: Assign the app in your IdP; Gangmates handles the rest.

  • Cleaner audits: Every SSO sign-in and provisioning change is timestamped and logged.

  • Least-privilege by design: Group→Role mapping controls access; remove the group, remove access.

  • Reduced helpdesk load: Fewer password resets and profile change tickets.

What’s New in the UX

  • Smart SSO detection on Login: If the email domain is SSO-enabled, the UI prompts “Continue with SSO.”

  • Preflight & Spinner: Clear “Redirecting to your organization…” state while we hand off to your IdP, reducing user confusion.

Configuration (At a Glance)

  1. In your IdP, add the Gangmates app (OIDC + Provisioning) and assign a pilot group.

  2. In Gangmates: paste Issuer, Client ID/Secret, enable SSO & Provisioning, and set Group→Role mappings.

  3. Test with one user → pilot group → full rollout.

Security & Compliance

  • Standards-based: OIDC for auth; SCIM-style flows for provisioning.

  • Defense-in-depth: IdP email/issuer/audience validation, nonce checks, and token expiry enforcement.

  • Audit-ready: Central logs for sign-ins and lifecycle actions.

Error Handling & Resilience

  • Human-readable errors: Common IdP responses (e.g., expired/used code) surface as friendly messages with next steps.

  • Auto-recovery paths: Safe retries for transient IdP failures; clear guidance when user action is needed.

Availability

  • Included for all plans. Enable under Admin → Directory Services → SSO & Provisioning.

Need help?

  • Ask for our IdP checklist and a 30-minute guided setup session.

Questions? Our support team is ready to help at [email protected]

Previous2025.12.01Next2025.09.02

Last updated