CodeSignal supports single sign-on (SSO) for your users to easily access your organization's CodeSignal account through Microsoft Azure or your identity provider of choice.
If you are using one of the following Identity Providers (IdP), such as Okta, OneLogin, or Google, please check out the following articles for provisioning:
- Configuring SSO with Google G Suite
- Configuring SCIM User Provisioning with Okta
- Configuring SCIM User Provisioning with OneLogin
- Enabling Just-in-Time Provisioning with SSO/SAML Integration
Before you can start using single sign-on for CodeSignal you will need to contact firstname.lastname@example.org to configure SSO for your account and enable it for users who will need to use it.
- Single sign-on initiated by the Identity Provider
The following values need to be provided in order to configure single sign-on with SAML 2.0:
- SAML 2.0 Endpoint: This is the URL of your Identity Provider that will be used to log-in to CodeSignal.
- Identity Provider Issuer: This is the Entity ID of your Identity Provider that will be used to identify your organization on CodeSignal.
- X.509 Certificate: This is a certificate provided by your Identity Provider that serves as a public key.
Here are the values that you might need to configure your single sign-on application:
- Login Redirect URI: https://app.codesignal.com/sso/saml2.0/authenticate
- Service Provider Entity ID: https://app.codesignal.com
Additionally, please provide a list of user emails (lowercase) for whom you want the single sign-on to be enabled if you don't want to enable it for all users in your CodeSignal account.
urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress as the
nameID format. When configuring
nameID on the Identity Provider, it should match the email address of a user on CodeSignal who belongs to the account you are configuring it for. The email address needs to be lowercase.
Note: Make sure that nameID remains in sync when you are making changes to user profiles in your Identity Provider. If a user doesn't have a valid nameID that matches their CodeSignal email address they will not be able to use single sign-on with CodeSignal.
CodeSignal uses HTTP-POST binding (
Please note that admin access to CodeSignal is required in order to finalize the SSO configurations under the MY COMPANY SETTINGS tab.
Identity Provider SSO Login URL (needs to be IdP-initiated instead of SP-initiatied). This typically appears as follows: "https://myapps.microsoft.com/signin..."
Identity Provider Issuer, which typically appears as follows: "https://sts.windows.net/<id>/"
The X.509 Certificate generated
Once complete, please contact email@example.com to confirm the following for us:
What is the owned email domain with which you would like us to associate this?
Would you like us to enable JIT for your organization?
Questions? Email firstname.lastname@example.org