StableBuild docs
  • StableBuild docs
  • Why StableBuild?
  • Pinning your first container
  • Mirrors and caches
    • OS package registry (Ubuntu, Debian, Alpine)
    • Docker mirror
    • PyPI mirror
    • File mirror
  • Product
    • Single sign-on (SAML)
    • Billing
  • Tutorials
    • Protecting your keys in public Docker containers
Powered by GitBook
On this page
  • Setting up SSO for Google Workspace
  • Setting up SSO for Okta
  1. Product

Single sign-on (SAML)

PreviousFile mirrorNextBilling

Last updated 1 year ago

You can configure single sign-on for all users in your organization. This requires any user to authenticate through your identity provider (like Google Workspace or Okta). Users that log in using SSO will automatically get access to your organization (as a member). You can manually give new users admin rights on the Users screen.

SSO is only available on the enterprise plan. You can upgrade on the Billing page on the .

Setting up SSO for Google Workspace

  1. Log in to the Google Admin console at

  2. Click Apps > Web and mobile apps, then Add app > Add custom SAML app

  3. Enter "StableBuild" under app name, add a logo, and click Continue.

  4. Click Download metadata, wait for the file to download, then click Continue.

  5. Open a new browser window (keep Google Admin panel open), go to the , and click Settings > Set up SAML.

  6. Set a name for the identity provider (e.g. Google Workspace), select the IdP metadata file from Google, and click Upload metadata.

  7. Then copy the values from StableBuild to Google Workspace as below. Also make sure to set 'Name ID format' to 'EMAIL':

  8. Afterwards, in the Google admin panel, click Continue, then Finish. Then under 'User access' click on the 'caret down' icon:

    And enable the application for everyone:

  9. Now you'll need to re-login once using SSO. In the StableBuild Dashboard, under Settings > SAML / Single sign-on find the "Direct log-in URL". Then sign-out of StableBuild (click your avatar and click "Sign out"). Then navigate to the direct log-in URL to trigger the SSO flow:

  10. Once you've logged in through SSO once, you can enforce SSO for all members in your organization. Go to Settings and enable "Enforce log-in through SAML / SSO".

That's it. You've now configured single sign-on for all your users using Google Workspace. 🔐

Caveats

Setting up SSO for Okta

  1. Log in to the Okta Admin console.

  2. Click Applications > Applications, then Create app integration, choose "SAML 2.0" and click Next.

  3. In step 1 of the SAML integration, enter "StableBuild" as your app name, upload a logo, and click Next.

    • Single sign-on URL: http://example.com

    • Audience URI (SP Entity ID): 1234

    • Default RelayState: Leave blank

    • Name ID format: EmailAddress

    Afterwards, click Next.

  4. Click through step 3 and finish the wizard.

  5. Under your application click "Sign On", then find "SAML Signing Certificates", select the 'Active' certificate, and click View IdP metadata. Then, save the resulting file (e.g. press CTRL+S or CMD+S).

  6. Go to "Assignments", click Assign > Assign to people, and add yourself:

  7. Set a name for the identity provider (e.g. Okta), select the IdP metadata file you just downloaded, and click Upload metadata.

  8. Now, go back to Okta, and under your application choose General, and then under "SAML Settings", click Edit.

  9. Under "Configure SAML", copy the values from StableBuild to Google Workspace as below. You'll need to click "Show Advanced Settings" to copy the 4th value.

  10. Now you'll need to re-login once using SSO. Sign-out of StableBuild, go to your Okta app dashboard and click the StableBuild logo:

  11. Once you've logged in through SSO once, you can enforce SSO for all members in your organization. Go to Settings and enable "Enforce log-in through SAML / SSO".

That's it. You've now configured single sign-on for all your users using Okta. 🔐

Logging in through Google's app drawer is currently not supported due to an issue in our authentication software ().

In step 2, enter the following info (we'll update these later):

Open a new browser window (keep Okta open), go to the , and click Settings > Set up SAML.

here
StableBuild Dashboard
dashboard
https://admin.google.com
StableBuild Dashboard
Adding a new SAML app in Google workspace
Download the IdP metadata from Google
Uploading the IdP metadata in StableBuild
Configuring Google Workspace as an IdP in StableBuild
Changing user access to StableBuild
Enabling anyone in your organization to use StableBuild from Google Workspace
Finding the direct log-in URL
The app drawer
Creating a new app integration in Okta
Creating a new application in Okta
Go to "Sign On"
Then save the IdP metadata from Okta
Assign people to use StableBuild from Okta
Uploading the Okta IdP metadata to StableBuild
Editing the SAML settings for your Okta application
Copying values from StableBuild to Okta
Log in to StableBuild from the Okta app dashboard