SSO / SAML Integration
Configure Single Sign-On with SAML 2.0 identity providers.
Overviewβ
Gauzy supports SSO through SAML 2.0 and OAuth2 providers for enterprise authentication.
SAML 2.0 Setupβ
1. Identity Provider Configurationβ
Configure your IdP (Okta, Azure AD, OneLogin, etc.) with:
| Setting | Value |
|---|---|
| SSO URL | {API_BASE_URL}/api/auth/saml/callback |
| Entity ID | {API_BASE_URL}/api/auth/saml/metadata |
| Name ID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
2. Gauzy Configurationβ
SAML_ISSUER=your-entity-id
SAML_CALLBACK_URL=http://localhost:3000/api/auth/saml/callback
SAML_ENTRY_POINT=https://idp.example.com/sso/saml
SAML_CERT=your-idp-certificate
Attribute Mappingβ
| SAML Attribute | Gauzy Field |
|---|---|
email | User email |
firstName | First name |
lastName | Last name |
groups | Role mapping |
OAuth2 SSOβ
For OAuth2-based SSO, use the built-in social auth providers:
- Google β Google Workspace SSO
- Microsoft β Azure AD / Entra ID
- GitHub β GitHub Organizations
See Social Auth for OAuth setup.
Enterprise SSO Featuresβ
| Feature | Description |
|---|---|
| Just-in-time provisioning | Auto-create users on first login |
| Role mapping | Map IdP groups to Gauzy roles |
| Forced SSO | Disable password login |
| Multi-provider | Multiple SSO providers |
Related Pagesβ
- Social Auth β OAuth2 providers
- LDAP Integration β directory services
- Tenant Isolation β multi-tenant SSO