Single sign-on (SAML)

You can configure single sign-on for all users in your organization. This requires any user to authenticate through your identity provider (like Google Workspace or Okta). Users that log in using SSO will automatically get access to your organization (as a member). You can manually give new users admin rights on the Users screen.

SSO is only available on the enterprise plan. You can upgrade on the Billing page on the dashboard.

Setting up SSO for Google Workspace

  1. Log in to the Google Admin console at https://admin.google.com

  2. Click Apps > Web and mobile apps, then Add app > Add custom SAML app

  3. Enter "StableBuild" under app name, add a logo, and click Continue.

  4. Click Download metadata, wait for the file to download, then click Continue.

  5. Open a new browser window (keep Google Admin panel open), go to the StableBuild Dashboard, and click Settings > Set up SAML.

  6. Set a name for the identity provider (e.g. Google Workspace), select the IdP metadata file from Google, and click Upload metadata.

  7. Then copy the values from StableBuild to Google Workspace as below. Also make sure to set 'Name ID format' to 'EMAIL':

  8. Afterwards, in the Google admin panel, click Continue, then Finish. Then under 'User access' click on the 'caret down' icon:

    And enable the application for everyone:

  9. Now you'll need to re-login once using SSO. In the StableBuild Dashboard, under Settings > SAML / Single sign-on find the "Direct log-in URL". Then sign-out of StableBuild (click your avatar and click "Sign out"). Then navigate to the direct log-in URL to trigger the SSO flow:

  10. Once you've logged in through SSO once, you can enforce SSO for all members in your organization. Go to Settings and enable "Enforce log-in through SAML / SSO".

That's it. You've now configured single sign-on for all your users using Google Workspace. 🔐

Caveats

Logging in through Google's app drawer is currently not supported due to an issue in our authentication software (here).

Setting up SSO for Okta

  1. Log in to the Okta Admin console.

  2. Click Applications > Applications, then Create app integration, choose "SAML 2.0" and click Next.

  3. In step 1 of the SAML integration, enter "StableBuild" as your app name, upload a logo, and click Next.

    • Single sign-on URL: http://example.com

    • Audience URI (SP Entity ID): 1234

    • Default RelayState: Leave blank

    • Name ID format: EmailAddress

    Afterwards, click Next.

  4. Click through step 3 and finish the wizard.

  5. Under your application click "Sign On", then find "SAML Signing Certificates", select the 'Active' certificate, and click View IdP metadata. Then, save the resulting file (e.g. press CTRL+S or CMD+S).

  6. Go to "Assignments", click Assign > Assign to people, and add yourself:

  7. Open a new browser window (keep Okta open), go to the StableBuild Dashboard, and click Settings > Set up SAML.

  8. Set a name for the identity provider (e.g. Okta), select the IdP metadata file you just downloaded, and click Upload metadata.

  9. Now, go back to Okta, and under your application choose General, and then under "SAML Settings", click Edit.

  10. Under "Configure SAML", copy the values from StableBuild to Google Workspace as below. You'll need to click "Show Advanced Settings" to copy the 4th value.

  11. Now you'll need to re-login once using SSO. Sign-out of StableBuild, go to your Okta app dashboard and click the StableBuild logo:

  12. Once you've logged in through SSO once, you can enforce SSO for all members in your organization. Go to Settings and enable "Enforce log-in through SAML / SSO".

That's it. You've now configured single sign-on for all your users using Okta. 🔐

Last updated