{"componentChunkName":"component---src-templates-doc-tsx","path":"/product/accounts/sso/","result":{"data":{"file":{"id":"5d8ca7eb-aeb6-5777-8cae-8ec34434fad6","relativePath":"product/accounts/sso/index.mdx","sourceInstanceName":"docs","childMarkdownRemark":null,"childMdx":{"body":"function _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"Single Sign-On (SSO)\",\n  \"sidebar_order\": 7,\n  \"redirect_from\": [\"/learn/sso/\", \"/product/sso/\"]\n};\n\nvar makeShortcode = function makeShortcode(name) {\n  return function MDXDefaultShortcode(props) {\n    console.warn(\"Component \" + name + \" was not imported, exported, or provided by MDXProvider as global scope\");\n    return mdx(\"div\", props);\n  };\n};\n\nvar Alert = makeShortcode(\"Alert\");\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, [\"components\"]);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"p\", null, \"Single Sign-On (or SSO) allows you to manage your organization\\u2019s entire membership via a third-party provider.\"), mdx(\"h2\", {\n    \"id\": \"preface\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h2\"\n  }, {\n    \"href\": \"#preface\",\n    \"aria-label\": \"preface permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"Preface\"), mdx(\"p\", null, \"Before you get around to actually turning on SSO, you\\u2019ll want to keep in mind that once it\\u2019s activated, all existing users will need to link their account before they are able to continue using Sentry. Because of that we recommend coordinating with your team during off-peak hours. That said, it\\u2019s super quick to link accounts, so we don\\u2019t consider it a true hurdle.\"), mdx(Alert, {\n    title: \"Note\",\n    level: \"warning\",\n    mdxType: \"Alert\"\n  }, \"SSO is not available on free, trial or certain other plans.\"), mdx(\"h2\", {\n    \"id\": \"getting-started\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h2\"\n  }, {\n    \"href\": \"#getting-started\",\n    \"aria-label\": \"getting started permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"Getting Started\"), mdx(\"p\", null, \"With that out of the way, head on over to your organization home. You\\u2019ll see an \\u201CAuth\\u201D link in the sidebar if you have access to SSO. Start by hitting that, and then continue to the \\u201CConfigure\\u201D link next to provider you wish to configure.\"), mdx(\"p\", null, \"Additionally we\\u2019ll automatically send each pre-existing member an email with instructions on linking their account. This will happen automatically once SSO is successfully configured. Even if they don't click the link, the next time they try to hit any page within the organization we\\u2019ll require them to link their account (with the same auth flow you just went through).\"), mdx(\"h2\", {\n    \"id\": \"default-membership\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h2\"\n  }, {\n    \"href\": \"#default-membership\",\n    \"aria-label\": \"default membership permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"Default Membership\"), mdx(\"p\", null, \"Every member who creates a new account via SSO will be given global organization access with a member role. This means that they can access events from any team, but they won\\u2019t be able to create new projects or administer current ones.\"), mdx(\"h2\", {\n    \"id\": \"security\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h2\"\n  }, {\n    \"href\": \"#security\",\n    \"aria-label\": \"security permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"Security\"), mdx(\"p\", null, \"Our SSO implementation prioritizes security. We aggressively monitor linked accounts and will disable them within any reasonable sign that the account\\u2019s access may have been revoked. Generally this will be transparent to you, but if the provider is functioning in an unexpected way you may experience more frequent re-authorization requests.\"), mdx(\"p\", null, \"Sessions last for \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://docs.djangoproject.com/en/1.11/topics/http/sessions/#using-cookie-based-sessions\"\n  }), \"Django's default session length\"), \", which is 2 weeks. We do not support customizing the session length.\"), mdx(\"h2\", {\n    \"id\": \"providers\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h2\"\n  }, {\n    \"href\": \"#providers\",\n    \"aria-label\": \"providers permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"Providers\"), mdx(\"h3\", {\n    \"id\": \"google-business-app\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h3\"\n  }, {\n    \"href\": \"#google-business-app\",\n    \"aria-label\": \"google business app permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"Google Business App\"), mdx(\"p\", null, \"Enabling the Google integration will ask you to authenticate against a Google Apps account. Once done, membership will be restricted to only members of the given Apps domain (i.e. \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"sentry.io\"), \").\"), mdx(\"h3\", {\n    \"id\": \"github-organizations\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h3\"\n  }, {\n    \"href\": \"#github-organizations\",\n    \"aria-label\": \"github organizations permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"GitHub Organizations\"), mdx(\"p\", null, \"The GitHub integration will authenticate against all organizations, and once complete prompt you for the organization which you wish to restrict access by.\"), mdx(\"h3\", {\n    \"id\": \"saml2-identity-provider\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h3\"\n  }, {\n    \"href\": \"#saml2-identity-provider\",\n    \"aria-label\": \"saml2 identity provider permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"SAML2 Identity Provider\"), mdx(\"p\", null, \"Sentry provides \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://en.wikipedia.org/wiki/SAML_2.0\"\n  }), \"SAML2 based authentication\"), \" which may be configured manually using the generic SAML2 provider, or a specific provider which provides defaults specific to that identity provider.\"), mdx(\"p\", null, \"Sentry supports the following SAML services:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Identity and Service Provider initiated SSO\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Identity Provider initiated SLO (Single Logout)\")), mdx(\"p\", null, \"Sentry\\u2019s Assertion Consumer Service uses the HTTP-POST bindings.\"), mdx(\"p\", null, \"Sentry\\u2019s SAML endpoints are as follows, where the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"[organization_slug]\"), \" is substituted for your organization slug:\"), mdx(\"table\", {\n    className: \"table\"\n  }, mdx(\"tbody\", {\n    valign: \"top\"\n  }, mdx(\"tr\", null, mdx(\"th\", null, \"ACS:\"), mdx(\"td\", null, mdx(\"code\", {\n    className: \"docutils literal\"\n  }, \"https://sentry.io/saml/acs/[organization_slug]/\"))), mdx(\"tr\", null, mdx(\"th\", null, \"SLS:\"), mdx(\"td\", null, mdx(\"code\", {\n    className: \"docutils literal\"\n  }, \"https://sentry.io/saml/sls/[organization_slug]/\"))), mdx(\"tr\", null, mdx(\"th\", null, \"Metadata:\"), mdx(\"td\", null, mdx(\"code\", {\n    className: \"docutils literal\"\n  }, \"https://sentry.io/saml/metadata/[organization_slug]/\"))))), mdx(Alert, {\n    title: \"Note\",\n    level: \"warning\",\n    mdxType: \"Alert\"\n  }, \"SAML2 SSO requires a Business or Enterprise Plan.\"), mdx(\"h4\", {\n    \"id\": \"onelogin\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h4\"\n  }, {\n    \"href\": \"#onelogin\",\n    \"aria-label\": \"onelogin permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"OneLogin\"), mdx(\"p\", null, \"In your OneLogin dashboard locate the Sentry app in the app catalog and add it to your organization.\"), mdx(\"p\", null, \"As part of OneLogin SSO configuration, you must to provide the OneLogin identity provider issuer URL to Sentry. This URL is specific to your OneLogin account and can be found under the \\u2018SSO\\u2019 tab on the Sentry OneLogin application configuration page.\"), mdx(\"p\", null, \"You may refer to the \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://support.onelogin.com/hc/en-us/articles/115005181586-Configuring-SAML-for-Sentry\"\n  }), \"OneLogin documentation\"), \" for more detailed setup instructions.\"), mdx(\"h4\", {\n    \"id\": \"okta\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h4\"\n  }, {\n    \"href\": \"#okta\",\n    \"aria-label\": \"okta permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"Okta\"), mdx(\"p\", null, \"In your Okta admin dashboard locate the Sentry app in the Okta Application Network and add it to your organization.\"), mdx(\"p\", null, \"As part of the Okta SSO configuration, you must provide the Okta Identity Provider metadata to Sentry. This URL can be located under the Sign-On Methods SAML2 settings panel, look for the \\u2018Identity Provider metadata\\u2019 link which can may right click and copy link address.\"), mdx(\"p\", null, \"You may refer to the \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Sentry.html\"\n  }), \"Okta documentation\"), \" for more detailed setup instructions.\"), mdx(\"h4\", {\n    \"id\": \"auth0\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h4\"\n  }, {\n    \"href\": \"#auth0\",\n    \"aria-label\": \"auth0 permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"Auth0\"), mdx(\"p\", null, \"In your Auth0 dashboard locate the Sentry app under the SSO Integrations page and add it to your organization.\"), mdx(\"p\", null, \"As part of the Auth0 SSO configuration, you must provide the Auth0 Identity Provider metadata to Sentry. This URL is available under the Tutorial tab of the Sentry SSO integration.\"), mdx(\"h4\", {\n    \"id\": \"rippling\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h4\"\n  }, {\n    \"href\": \"#rippling\",\n    \"aria-label\": \"rippling permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"Rippling\"), mdx(\"p\", null, \"In your Rippling admin dashboard locate the Sentry app in the list of suggested apps and select it.\"), mdx(\"p\", null, \"When prompted with the Rippling Metadata URL, copy this into the Sentry Rippling provider configuration. You will have to complete the Rippling application configuration before completing the sentry provider configuration.\"), mdx(\"h4\", {\n    \"id\": \"custom-saml2-integration\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", _extends({\n    parentName: \"h4\"\n  }, {\n    \"href\": \"#custom-saml2-integration\",\n    \"aria-label\": \"custom saml2 integration permalink\",\n    \"className\": \"anchor before\"\n  }), mdx(\"svg\", _extends({\n    parentName: \"a\"\n  }, {\n    \"viewBox\": \"0 0 24 24\",\n    \"xmlns\": \"http://www.w3.org/2000/svg\"\n  }), mdx(\"path\", _extends({\n    parentName: \"svg\"\n  }, {\n    \"d\": \"M10.879 6.05L15 1.93A5.001 5.001 0 0 1 22.071 9l-4.121 4.121a1 1 0 0 1-1.414-1.414l4.12-4.121a3 3 0 1 0-4.242-4.243l-4.121 4.121a1 1 0 1 1-1.414-1.414zm2.242 11.9L9 22.07A5 5 0 1 1 1.929 15l4.121-4.121a1 1 0 0 1 1.414 1.414l-4.12 4.121a3 3 0 1 0 4.242 4.243l4.121-4.121a1 1 0 1 1 1.414 1.414zm-8.364-.122l13.071-13.07a1 1 0 0 1 1.415 1.414L6.172 19.242a1 1 0 1 1-1.415-1.414z\",\n    \"fill\": \"currentColor\"\n  })))), \"Custom SAML2 Integration\"), mdx(\"p\", null, \"For other SAML2 SSO providers not listed above, Sentry provides generic connectors for \", mdx(\"a\", _extends({\n    parentName: \"p\"\n  }, {\n    \"href\": \"/product/accounts/sso/saml2/\"\n  }), \"SAML2 based authentication\"), \", which may be configured manually.\"));\n}\n;\nMDXContent.isMDXComponent = true;","tableOfContents":{"items":[{"url":"#preface","title":"Preface"},{"url":"#getting-started","title":"Getting Started"},{"url":"#default-membership","title":"Default Membership"},{"url":"#security","title":"Security"},{"url":"#providers","title":"Providers","items":[{"url":"#google-business-app","title":"Google Business App"},{"url":"#github-organizations","title":"GitHub Organizations"},{"url":"#saml2-identity-provider","title":"SAML2 Identity Provider","items":[{"url":"#onelogin","title":"OneLogin"},{"url":"#okta","title":"Okta"},{"url":"#auth0","title":"Auth0"},{"url":"#rippling","title":"Rippling"},{"url":"#custom-saml2-integration","title":"Custom SAML2 Integration"}]}]}]},"internal":{"type":"Mdx"}}}},"pageContext":{"excerpt":"Single Sign-On (or SSO) allows you to manage your organization’s entire membership via a third-party provider. Preface Before you get around to actually turning on SSO, you’ll want to keep in mind that once it’s activated, all existing users will need to link their account before they are able to continue using Sentry. Because of that we recommend coordinating with your team during off-peak hours. That said, it’s super quick to link accounts, so we don’t consider it a true hurdle. Getting Started With that out of the way, head on over to your organization home. You’ll see an “Auth” link in the sidebar if you have access to SSO. Start by hitting that, and then continue to the “Configure” link next to provider you wish to configure. Additionally we’ll automatically send each pre-existing member an email with instructions on linking their account. This will happen automatically once SSO is successfully configured. Even if they don't click the link, the next time they try to hit any page within the organization we’ll require them to link their account (with the same auth flow you just went through). Default Membership Every member who creates a new account via SSO will be given global organization access with a member role. This means that they can access events from any team, but they won’t be able to create new projects or administer current ones. Security Our SSO implementation prioritizes security. We aggressively monitor linked accounts and will disable them within any reasonable sign that the account’s access may have been revoked. Generally this will be transparent to you, but if the provider is functioning in an unexpected way you may experience more frequent re-authorization requests. Sessions last for  Django's default session length , which is 2 weeks. We do not support customizing the session length. Providers Google Business App Enabling the Google integration will ask you to authenticate against a Google Apps account. Once done, membership will be restricted to only members of the given Apps domain (i.e.  sentry.io ). GitHub Organizations The GitHub integration will authenticate against all organizations, and once complete prompt you for the organization which you wish to restrict access by. SAML2 Identity Provider Sentry provides  SAML2 based authentication  which may be configured manually using the generic SAML2 provider, or a specific provider which provides defaults specific to that identity provider. Sentry supports the following SAML services: Identity and Service Provider initiated SSO Identity Provider initiated SLO (Single Logout) Sentry’s Assertion Consumer Service uses the HTTP-POST bindings. Sentry’s SAML endpoints are as follows, where the  [organization_slug]  is substituted for your organization slug: OneLogin In your OneLogin dashboard locate the Sentry app in the app catalog and add it to your organization. As part of OneLogin SSO configuration, you must to provide the OneLogin identity provider issuer URL to Sentry. This URL is specific to your OneLogin account and can be found under the ‘SSO’ tab on the Sentry OneLogin application configuration page. You may refer to the  OneLogin documentation  for more detailed setup instructions. Okta In your Okta admin dashboard locate the Sentry app in the Okta Application Network and add it to your organization. As part of the Okta SSO configuration, you must provide the Okta Identity Provider metadata to Sentry. This URL can be located under the Sign-On Methods SAML2 settings panel, look for the ‘Identity Provider metadata’ link which can may right click and copy link address. You may refer to the  Okta documentation  for more detailed setup instructions. Auth0 In your Auth0 dashboard locate the Sentry app under the SSO Integrations page and add it to your organization. As part of the Auth0 SSO configuration, you must provide the Auth0 Identity Provider metadata to Sentry. This URL is available under the Tutorial tab of the Sentry SSO integration. Rippling In your Rippling admin dashboard locate the Sentry app in the list of suggested apps and select it. When prompted with the Rippling Metadata URL, copy this into the Sentry Rippling provider configuration. You will have to complete the Rippling application configuration before completing the sentry provider configuration. Custom SAML2 Integration For other SAML2 SSO providers not listed above, Sentry provides generic connectors for  SAML2 based authentication , which may be configured manually.","title":"Single Sign-On (SSO)","description":null,"draft":null,"noindex":null,"notoc":null,"sidebar_order":7,"redirect_from":["/learn/sso/","/product/sso/"],"keywords":null,"id":"5d8ca7eb-aeb6-5777-8cae-8ec34434fad6","legacy":false}},"staticQueryHashes":["1218203755","1222113826","1222113826","1766336459","2158593473","2764967025","3345802723","3818502851","3990806462","4015007367","4192517163","4264099332","518019976"]}