CodeSignal supports single sign-on (SSO) for your users to easily access your organization's CodeSignal account through your identity provider of choice.
If you are using a popular Identity Provider (IdP), such as Okta, OneLogin, or Google, please check out the following articles for provisioning:
- Configuring SSO with Google G Suite
- Configuring SSO with Microsoft Azure
- Configuring SCIM User Provisioning with Okta
- Configuring SCIM User Provisioning with OneLogin
- Enabling Just-in-Time Provisioning with SSO/SAML Integration
SSO can be enabled by any company admin. Please ensure that your IT team configures and tests SSO before it is enabled for the company. If you are facing any issues with this set-up, please reach out to support@codesignal.com.
To navigate to SSO configuration, click the drop down under your profile, and select My Company Settings.
Then, click the SSO tab.
SAML 2.0
Supported Flows
- Single sign-on initiated by the Identity Provider
The following values need to be provided in order to configure single sign-on with SAML 2.0:
- SAML 2.0 Endpoint: This is the URL of your Identity Provider that will be used to log-in to CodeSignal.
- Identity Provider Issuer: This is the Entity ID of your Identity Provider that will be used to identify your organization on CodeSignal.
- X.509 Certificate: This is a certificate provided by your Identity Provider that serves as a public key.
Here are the values that you might need to configure your single sign-on application:
- Login Redirect URI: https://app.codesignal.com/sso/saml2.0/authenticate
- Service Provider Entity ID: https://app.codesignal.com
Additionally, please provide a list of user emails (lowercase) for whom you want the single sign-on to be enabled if you don't want to enable it for all users in your CodeSignal account.
Configuring nameID
CodeSignal uses urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress as the nameID format. When configuring nameID on the Identity Provider, it should match the email address of a user on CodeSignal who belongs to the account you are configuring it for. The email address needs to be lowercase.
Note: Make sure that nameID remains in sync when you are making changes to user profiles in your Identity Provider. If a user doesn't have a valid nameID that matches their CodeSignal email address they will not be able to use single sign-on with CodeSignal.
Bindings
CodeSignal uses HTTP-POST binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST)
Questions? Email support@codesignal.com