Enable SSO provider logins for Teams | Feature Requests

Enable SSO provider logins for Teams

under review

danielle

It would be helpful to let a team admin restrict login methods for their members. For example, a team could force its members to only log on with our supported SSO methods.

We'd like to support at least Okta for this.

July 20, 2020

yaron levi

This is critical for us.

Being able to use Jumpcloud for login (SAML or SCIM would be fine)

Dalton Conley

Are there any updates on this feature request?

Meagan Gamache

marked this post as

under review

Olivier Tassinari

+1 for being able to force login with a Google Workspace SSO. It's already how we encourage our team to log in but I would like to make it impossible to use other login methods like with a password or with GitHub. This would help with security (we enforce 2FA with our Google Workspace SSO).

Jade Paoletta

Additionally, be able to provision new users signing in with the company email domain to the team the first time they sign in.

Lloyd Chang

Hi Jade Paoletta, Anurag Goel, danielle, Olivier Tassinari, Waseem Daher,
----
Pricing question:
 Would SAML SSO be in Render's Individual, Team, Organization and/or Enterprise Plan?
Various companies price SAML SSO differently.
For example:
• GitHub offers SAML SSO in Enterprise plan only
 — SAML SSO is unavailable
 in Free and Team plans
• Whereas GitLab offers SAML SSO in all
 plans — SAML SSO is available
 in Free, Premium and Ultimate plans
----
Feedback about
Jade Paoletta's reply:
> "Additionally, be able to provision new users signing in with the company email domain to the team the first time they sign in."
That Provisioning aspect describes SCIM SSO.
Having evaluated SSO and SCIM in different contexts (outside of Render)
, I empathize
 with the challenges when grokking security acronyms.
It took me awhile to grok the differences between SAML and SCIM protocols, and this is a summary:
• SAML
SSO
 is a protocol for authentication — Sign in / Logout
• SCIM
SSO
 is a protocol for provisioning — Automated User Management
----
Thank you.

Waseem Daher

This is basically a security request from my side: if an employee were to leave the company, we'd want to make it easy/automatic to revoke their access to our environment. The easiest way to do that is to basically require them to log in via OAuth (or via SSO with a provider like Okta).