Meshy

Teams on our Enterprise tier can opt to enable SAML SSO to manage logins through an identity provider. We currently support most identity providers (Okta, OneLogin, Google Workspaces, Auth0, etc.).

Once SAML/SSO is enabled and domains are verified, all team members will be required to login via SSO by default, thus, disabling any other login method type. User sessions won't be logged out or notified at the time of enabling, but the next time they sign in they will automatically have to use SAML to regain access.

Members can login via your identity provider's website or automatically through Meshy. SSO can only be configured by team owners or admins.

You will need to add Meshy into your identity provider before logging in with SSO for the first time. Please consult your identity provider's documentation for specific instructions on how to add new applications.

You may need to provide the below information. Optional information can likely be left blank if not required.

To configure SSO in Meshy, you must be an enterprise team owner or admin.

Find Authentication Settings section at the bottom of the page

Either enter a sign-in URL or upload an XML file. This info comes from your identity provider (IdP). Some IdPs (like Okta) give you a URL, while others (like Google Workspace) provide an XML file. Check your IdP's documentation to locate this.

Add Domains for SSO. After saving changes, your domains will show as Unverified. Note: Subdomains must be added separately.

Click the "Unverified" button next to a domain. A pop-up will show a text string. You’ll need to add this to your DNS to confirm ownership. If you're not sure how, ask your IT team for help.

Once the DNS record is added, go back to the Authentication Settings page, click "Unverified" again, then click "Verify." Domains can only be verified one at a time.

If verified, the domain will show as "Verified". All users with emails from that domain will now log into Meshy using SSO.

1. Go to your Team Settings page
 
2. Find Authentication Settings section at the bottom of the page
 
 
 
3. Enable SSO/SAML 
 
4. Enter Sign-in Info
 Either enter a sign-in URL or upload an XML file. This info comes from your identity provider (IdP). Some IdPs (like Okta) give you a URL, while others (like Google Workspace) provide an XML file. Check your IdP's documentation to locate this.
 
5. Add Domains for SSO. After saving changes, your domains will show as Unverified. Note: Subdomains must be added separately.
 
 
 
6. Get the Domain Verification Code
 Click the "Unverified" button next to a domain. A pop-up will show a text string. You’ll need to add this to your DNS to confirm ownership. If you're not sure how, ask your IT team for help. 
 
7. Complete Verification
 Once the DNS record is added, go back to the Authentication Settings page, click "Unverified" again, then click "Verify." Domains can only be verified one at a time.
 
8. SSO enabled successfully
 If verified, the domain will show as "Verified". All users with emails from that domain will now log into Meshy using SSO.

Protocol	SAML 2.0
Single Sign On URL (Also known as ACS URL or Reply URL)	https://auth.meshy.ai/auth/v1/sso/saml/acs
Recipient URL	https://auth.meshy.ai/auth/v1/sso/saml/acs
Destination URL	https://auth.meshy.ai/auth/v1/sso/saml/acs
Audience Restriction (Also known as Entity ID)	https://auth.meshy.ai/auth/v1/sso/saml/metadata
Name ID format	EmailAddress
[Optional] Default Relay State	https://auth.meshy.ai

Name	Format	Value
email	Basic	user.email
user_name	Basic	user.login
first_name	Basic	user.firstName
last_name	Basic	user.lastName

Overview

Configuring your identity provider

Configuration in Meshy