CodeSignal supports single sign-on (SSO) for your users to easily access your organization's CodeSignal account through your identity provider of choice.
If you are using a popular Identity Provider (IdP), such as Okta, OneLogin, or Google, please check out the following articles for provisioning:
- Configuring SSO with Google G Suite
- Configuring SSO with Microsoft Azure
- Configuring SCIM User Provisioning with Okta
- Configuring SCIM User Provisioning with OneLogin
- Enabling Just-in-Time Provisioning with SSO/SAML Integration
SSO can be enabled by any company admin. Please ensure that your IT team configures and tests SSO before it is enabled for the company. If you are facing any issues with this set-up, please reach out to support@codesignal.com.
To navigate to SSO configuration, click the drop down under your profile, and select ORGANIZATION SETTINGS.
Then, enable Single sign on (SSO).
SAML 2.0
Supported Flows
- Single sign-on initiated by the Identity Provider
The following values need to be provided in order to configure single sign-on with SAML 2.0:
- SAML 2.0 Endpoint: This is the URL of your Identity Provider that will be used to log-in to CodeSignal.
- Identity Provider Issuer: This is the Entity ID of your Identity Provider that will be used to identify your organization on CodeSignal.
- X.509 Certificate: This is a certificate provided by your Identity Provider that serves as a public key.
Here are the values that you might need to configure your single sign-on application:
-
Login Redirect URI:
https://identity.codesignal.com/auth/sso/saml/authenticate
-
Service Provider Entity ID:
https://app.codesignal.com
Notes:- The service provider entity ID above must be entered exactly as shown above (no trailing slash). Setting this field to any other value than the above will result in authentication errors, so please be careful when entering this field in your identity provider.
-
If you are using a CodeSignal Sandbox environment, please use the following values:
-
Sandbox Login Redirect URI:
https://identity-sandbox.codesignal.com/auth/sso/saml/authenticate
-
Sandbox Service Provider Entity ID:
https://sandbox.codesignal.com
-
Sandbox Login Redirect URI:
Additionally, please provide a list of user emails (lowercase) for whom you want the single sign-on to be enabled if you don't want to enable it for all users in your CodeSignal account.
Configuring nameID
CodeSignal uses urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress as the nameID format. When configuring nameID on the Identity Provider, it should match the email address of a user on CodeSignal who belongs to the account you are configuring it for. The email address needs to be lowercase.
Note: Make sure that nameID remains in sync when you are making changes to user profiles in your Identity Provider. If a user doesn't have a valid nameID that matches their CodeSignal email address they will not be able to use single sign-on with CodeSignal.
Bindings
CodeSignal uses HTTP-POST binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST)