Through the spotinst console, customers can enable SSO for their organization as they please.
The following article will cover the basic properties of setting an SSO for the organization.
Supported Identity Providers
Okta SAML, OneLogin SAML, ADFS SAML, Bitium SAML as well as additional Custom SAML.
Please note - in order to configure your SSO tool properly, use the articles in the following link: Spotinst - SSO configuration
Managing SAML-based single sign-on via spotinst console
In order to manage SSO configurations follow these steps:
- Login to your Spotinst account as an administrator: spotinst console
- Click on the user-icon and enter "Settings".
- Click on the “SECURITY" tab at the top and then select “Identity Providers”
SSO settings page
Relay state - The Organization ID - Used as the Relay State configuration for the identity provider (Used in Idp Initiated SSO)
Provider type - Currently the only supported standard is SAML (Security Assertion Markup Language)
Metadata - Data provided by the identity provider in order to sync our settings properly.
- For further information, check the following link - Spotinst - SSO configuration and choose the relevant article per IDP vendor.
User Default Organization Role - The role which will be given to users that logged in via the Identity Provider (Viewer/Editor)
For further information regarding user roles, check the following link: Spotinst - user roles
User Allowed Accounts - The accounts which the user will have access to (default account/all account)
For further information regarding accounts, check the following link: Organizations and accounts
Advanced - Overriding Role attribute via SAML Attribute
If a user logged in through SSO with a Role attribute, the role of that user will be set accordingly,
which means that these settings will affect both existing users and new users.
I.e - an xml attribute:
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Role"> <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">ADMIN </saml:AttributeValue> </saml:Attribute>