Skip to main content
All CollectionsEnterprise
How can I enable SSO for my team?
How can I enable SSO for my team?
Updated yesterday

Overview

Teams on our Enterprise tier can opt to enable SAML SSO to manage logins through an identity provider. We currently support most identity providers (Okta, OneLogin, Google Workspaces, Auth0, etc.).

Once SAML/SSO is enabled and domains are verified, all team members will be required to login via SSO by default, thus, disabling any other login method type. User sessions won't be logged out or notified at the time of enabling, but the next time they sign in they will automatically have to use SAML to regain access.

Members can login via your identity provider's website or automatically through Meshy. SSO can only be configured by team owners or admins.

Configuring your identity provider

You will need to add Meshy into your identity provider before logging in with SSO for the first time. Please consult your identity provider's documentation for specific instructions on how to add new applications.

You may need to provide the below information. Optional information can likely be left blank if not required.

Protocol

SAML 2.0

Single Sign On URL

(Also known as ACS URL or Reply URL)

Recipient URL

Destination URL

Audience Restriction

(Also known as Entity ID)

Name ID format

EmailAddress

[Optional] Default Relay State

[Optional] Attribute Statements

Name

Format

Value

email

Basic

user.email

user_name

Basic

user.login

first_name

Basic

user.firstName

last_name

Basic

user.lastName

Configuration in Meshy

To configure SSO in Meshy, you must be an enterprise team owner or admin.

  1. Go to your Team Settings page

  2. Find Authentication Settings section at the bottom of the page

  3. Enable SSO/SAML

  4. Enter Sign-in Info

    Either enter a sign-in URL or upload an XML file. This info comes from your identity provider (IdP). Some IdPs (like Okta) give you a URL, while others (like Google Workspace) provide an XML file. Check your IdP's documentation to locate this.

  5. Add Domains for SSO. After saving changes, your domains will show as Unverified. Note: Subdomains must be added separately.

  6. Get the Domain Verification Code

    Click the "Unverified" button next to a domain. A pop-up will show a text string. You’ll need to add this to your DNS to confirm ownership. If you're not sure how, ask your IT team for help.

  7. Complete Verification

    Once the DNS record is added, go back to the Authentication Settings page, click "Unverified" again, then click "Verify." Domains can only be verified one at a time.

  8. SSO enabled successfully

    If verified, the domain will show as "Verified". All users with emails from that domain will now log into Meshy using SSO.

Did this answer your question?