
Announcing SSO with SAML for Enterprise-scale Security

Netlify cares about your company’s security and strives to provide you with the best methods to manage member access to your team. If you’re managing member access and configuring single sign-on (SSO) across multiple teams, then we have some exciting news for you.

What is SAML SSO?

SAML, or Security Assertion Markup Language, is an open standard used to transfer user authentication data between your identity provider (Okta, Google, Azure, Ping, etc.) and the service provider (in this case, Netlify).

Netlify supports configuring SAML single sign-on for secure member access at the team level and now, for Enterprise Grid customers, at the organization level.

Benefits of organization SSO with SAML

Historically, in order to configure single sign-on for user authentication into Netlify, Owners of multiple teams would have to configure SSO for each team individually. This is a tedious, time-consuming process that introduces complexity and quality concerns. These risks are undesirable when dealing with something as sensitive as team access management.

Organization SSO status within Netlify

With the addition of Organization SSO with SAML, Org Owners can now configure SSO for all of their teams in one place, reducing the time, overhead, and margin of error that accompany these types of tasks. This also means that your identity provider administrators only need to configure one SAML app for all of your Netlify teams, further streamlining the process.

Getting started with SSO with SAML for your organization

We’ve teamed up with enterprise-readiness leaders WorkOS to leverage their expertise and resources in all things authentication in order to provide a simple flow for configuring the SAML app for your Netlify organization. WorkOS manages integrations with over 20 identity providers and provides easy-to-follow, step-by-step guidance to get set up.

Identity Provider selection in WorkOS

SAML app configuration wizard in WorkOS

SAML configuration status in WorkOS

Once you configure your SAML single sign-on for your org, it will apply to all of your existing teams. Further, it will apply to every team you add to your organization in the future. Set it and forget it.

SSO configuration at the team level

In addition to Netlify team access, your org-level SSO configuration can also be used for the granular permission control of your protected sites and Deploy Previews.

The power of SAML SSO enforcement

Once you have SSO configured at the org level, users within your SAML app can log in to your Netlify teams using their identity provider credentials. As an added layer of protection, you can also enforce your organization’s SSO configuration as the only method allowed to access these teams.

Login type selection in Netlify

With the Strict option set, all users must authenticate through your identity provider in order to access your Netlify teams.

(NOTE: The Strict SSO Login type option is also available when configuring SSO at the team level. We recommend this setting be used regardless of where you configure your SAML single sign-on, as it is the most secure option.)

SSO with SAML is only the beginning

Organization SAML single sign-on is the first of many security, access control, and team member management features planned for our Enterprise Grid plan. Soon, you’ll be able to granularly manage roles and specific team access via Identity Provider Directory Sync (SCIM), moving this complex process to a single, simple workflow.

Sneak peek of the group mapping experience in Netlify

We’re excited to provide you with these security solutions! We would love to hear from you on any security, access management, and team member management challenges that your company faces.

Get in touch with us!
