Instructions on adding Grammarly to different identity providers:
- Azure AD
- CyberArk Identity
If your identity provider is not on the list, you can still try to configure it for Grammarly by using the following parameters:
- Single sign-on URL: https://sso.grammarly.com/saml/assertion
- Audience URI/SP Entity ID/Issuer: https://sso.grammarly.com/saml/metadata
- Name ID format: EmailAddress
- Name ID / Application Username / Unique Identifier: Email
- CommonName (instead of FirstName and LastName)
Note: The names of attributes/claims must follow the specified format. Alternative name spellings or FriendlyNames are not supported.
If present, the GrammarlyRole attribute assigns appropriate permission to the member. For more information about roles and permissions, see this article. The permitted GrammarlyRole values are:
If present, the GrammarlyGroupRoleGroupManager attribute assigns the appropriate permission to a team member. The value of the attribute should be the name of the group that the member is assigned to manage.
Note: The group manager permissions are available only to the Grammarly Business customers on the Enterprise Tier.
If present, the GrammarlyGroup attribute assigns the member to the corresponding group within Grammarly. For more information about groups, see this article.
Grammarly SSO supports alternative attribute and claim names to be compliant with standards such as InCommon. Below is a list of alternative attributes/claims that can be used:
- EmailAddress: mail, urn:oid:0.9.2342.19200300.100.1.3
- CommonName: commonName, cn, urn:oid:220.127.116.11
- FirstName: givenName, urn:oid:18.104.22.168
LastName: surname, sn, urn:oid:22.214.171.124
After you have the Grammarly SAML app set up in your identity provider, please see this article for instructions on how to enable SSO for your account.