Home ci 17. security: SAML Single Sign On

17. security: SAML Single Sign On

Last updated on Aug 05, 2025

SAML Single Sign-On

Compliance Measures

  • Shared Responsibility
  • Firewall Access Control
  • Directory Sync
  • Secure Backend Access
  • Deployment Protection
  • Retention
  • Audit Logs
  • Protected Git Scopes

Security & Privacy

SAML SSO Overview

SAML (Security Assertion Markup Language) Single Sign-On (SSO) is a feature available on Epycbyte's Enterprise plans. Team owners can configure this feature to enable secure, centralized authentication for their team members using third-party identity providers like Okta or Auth0.

Configuring SAML SSO

Prerequisites

  • Must be an owner of the team.
  • Ensure the team is selected in the scope selector on your dashboard.

Steps

  1. Navigate to Settings > Security & Privacy.
  2. Select SAML Single Sign-On.
  3. Click Configure and follow the walkthrough to set up SAML SSO with your preferred identity provider.

Enforcing SAML SSO

  • To enhance security, enforce SAML SSO so that team members cannot access any team information unless authenticated via SAML.
  • Must be an owner and authenticated with SAML SSO before enabling this feature.

Steps

  1. From the dashboard, go to Settings > Security & Privacy.
  2. Navigate to SAML Single Sign-On.
  3. Toggle Require Team Members to login with SAML to Enabled.

Authenticating with SAML SSO

  • After configuring SAML, team members can log in using their identity provider.

Steps

  1. On the authentication page, select Continue with SAML SSO.
  2. Enter your team's URL. The team slug (e.g., acme for epycbyte.com/acme) is used here.
  3. Select Continue with SAML SSO again to redirect to the third-party provider.

Customizing the Login Page

  • Create a login page that only shows the SAML SSO option by appending your team ID as a query parameter: https://epycbyte.com/login?saml=team_id.

De-provisioning Team Members

  • Epycbyte supports SCIM (System for Change Management), so removing a user from your SAML provider automatically offboards them from Epycbyte.

Supported SAML Providers

  • Okta
  • Auth0
  • Google
  • Azure
  • Microsoft ADFS
  • PingOne
  • OneLogin
  • Duo
  • JumpCloud
  • PingFederate
  • ADP
  • Keycloak
  • Cyberark
  • OpenID
  • VMware
  • LastPass
  • miniOrange
  • NetIQ
  • Oracle Cloud
  • Salesforce CAS
  • ClassLink
  • Cloudflare
  • SimpleSAMLphp

Conclusion

This article provides a comprehensive guide on configuring and managing SAML Single Sign-On for your team on Epycbyte. Let us know if you found this helpful!