Cloudsmith Documentation Hub

Welcome to the Cloudsmith Documentation Hub. You'll find comprehensive guides and documentation to help you start working with Cloudsmith as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Single Sign-On

Cloudsmith offers support for Single Sign-On (SSO) at the organization level using Security Assertion Markup Language (SAML). With SAML, organizations can use their existing SSO provider to manage and control access to their Cloudsmith organization account.

Getting Started

Before configuring SSO with SAML, you'll need:

  • A SAML Identity Provider that you can connect with Cloudsmith.
  • Manager access to the Cloudsmith organization.

Enable SAML

πŸ“˜

For now, enabling SAML requires contacting Cloudsmith support.

Supported Providers

Whilst Cloudsmith should work with any generic SAML IdP, we officially support and provide documentation for a number of the most common providers. Please see the below for guides for each officially supported provider:

Other providers may be supported, as long as they have the capability to set up a generic SAML application. If you need help with an unlisted integration, you can still contact us!

SAML Landing Page (Login)

Once configured, you'll be able to access the SAML login page of your organization at the following URL:
https://cloudsmith.io/orgs/YOUR_ORG_NAME/saml/login/

Where YOUR_ORG_NAME is your organization's slug/identifier (what you would normally see in the URL when accessing your organization within Cloudsmith). If you're not sure what this is, ask us

Caveats

  • SAML enforcement
    We don't (yet) support enforcement of SAML at the organization level. Organizations can enable SAML login for their users, but cannot yet enforce that it is the only available authentication method.
  • SCIM provisioning
    Cloudsmith doesn't currently implement SCIM (it's on our roadmap) and so doesn't have automatic deprovisioning. When organization members' sessions expire after their access is removed from the IdP, they aren't automatically removed from the organization (though they'll be unable to log in again). Existing tokens grant access to the organization even after their sessions expire. To remove access, organization admins can manually remove the authorized tokens and users from the organization.

Updated 9 months ago



Single Sign-On


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.