| description | SAML-based authentication for larger companies |
|---|
{% hint style="info" %} This feature is currently available to orgs who have the Max subscription or above. {% endhint %}
Single sign-on solutions (such as OKTA) allow organisations to centrally manage user access to DeviceCloud.
We support the following identity providers:
- Okta, Auth0
- Google Workspaces (formerly known as GSuite)
- Microsoft Active Directory, Azure Active Directory, Microsoft Entra
- PingIdentity
- OneLogin
Using a provider that is not on the list? Contact us and we'd be happy to help setup the integration.
These steps have been written with OKTA in mind, but are applicable to other identity providers too.
- Create a new application with SAML in OKTA
- Populate the SAML fields using the below values.
| Key | Value |
|---|---|
| Single sign-on URL (ACS URL) | https://cloud.devicecloud.dev/auth/v1/sso/saml/acs |
| Audience URI (SP Entity ID) | https://cloud.devicecloud.dev/auth/v1/sso/saml/metadata |
| Default Relay State | https://cloud.devicecloud.dev/ |
- Ensure the application username is set to EMAIL
- Ensure the Name ID Format is set also to EMAIL
- Generate your metadata URL (or XML file for some providers)
- Send the following to support@devicecloud.dev from an email address registered with DeviceCloud:
- your metadata URL (or XML)
- the email domain(s) you wish to protect
- Our support team will then verify you have purchased the required amount of credits and enforce SSO for the requested domains.
- Once activated, DeviceCloud supports Service Provider initiated login via SSO using the SSO button on the DeviceCloud login screen:
