SSO / SAML Integration
Configure Single Sign-On with SAML 2.0 identity providers.
Overviewโ
Gauzy supports SSO through SAML 2.0 and OAuth2 providers for enterprise authentication.
SAML 2.0 Setupโ
1. Identity Provider Configurationโ
Configure your IdP (Okta, Azure AD, OneLogin, etc.) with:
| Setting | Value |
|---|---|
| SSO URL | {API_BASE_URL}/api/auth/saml/callback |
| Entity ID | {API_BASE_URL}/api/auth/saml/metadata |
| Name ID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
2. Gauzy Configurationโ
SAML_ISSUER=your-entity-id
SAML_CALLBACK_URL=http://localhost:3000/api/auth/saml/callback
SAML_ENTRY_POINT=https://idp.example.com/sso/saml
SAML_CERT=your-idp-certificate
Attribute Mappingโ
| SAML Attribute | Gauzy Field |
|---|---|
email | User email |
firstName | First name |
lastName | Last name |
groups | Role mapping |
OAuth2 SSOโ
For OAuth2-based SSO, use the built-in social auth providers:
- Google โ Google Workspace SSO
- Microsoft โ Azure AD / Entra ID
- GitHub โ GitHub Organizations
See Social Auth for OAuth setup.
Enterprise SSO Featuresโ
| Feature | Description |
|---|---|
| Just-in-time provisioning | Auto-create users on first login |
| Role mapping | Map IdP groups to Gauzy roles |
| Forced SSO | Disable password login |
| Multi-provider | Multiple SSO providers |
Related Pagesโ
- Social Auth โ OAuth2 providers
- LDAP Integration โ directory services
- Tenant Isolation โ multi-tenant SSO