Before configuring SSO with SAML, you'll need:
- A SAML Identity Provider that you can connect with Cloudsmith.
- Manager access to the Cloudsmith organization.
For now, enabling SAML requires contacting Cloudsmith support.
Whilst Cloudsmith should work with any generic SAML IdP, we officially support and provide documentation for a number of the most common providers. Please see the below for guides for each officially supported provider:
Other providers may be supported, as long as they have the capability to set up a generic SAML application. If you need help with an unlisted integration, you can still contact us!
Once configured, you'll be able to access the SAML login page of your organization at the following URL:
Where YOUR_ORG_NAME is your organization's slug/identifier (what you would normally see in the URL when accessing your organization within Cloudsmith). If you're not sure what this is, ask us
- SAML enforcement
We don't (yet) support enforcement of SAML at the organization level. Organizations can enable SAML login for their users, but cannot yet enforce that it is the only available authentication method.
- SCIM provisioning
Cloudsmith doesn't currently implement SCIM (it's on our roadmap) and so doesn't have automatic deprovisioning. When organization members' sessions expire after their access is removed from the IdP, they aren't automatically removed from the organization (though they'll be unable to log in again). Existing tokens grant access to the organization even after their sessions expire. To remove access, organization admins can manually remove the authorized tokens and users from the organization.
Updated 9 months ago
|Single Sign-On with Google (G-Suite)|
|Single Sign-On with Azure AD|
|Single Sign-On with JumpCloud|
|Single Sign-On with OneLogin|
|Single Sign-On with Okta|