SupportAPI docsProduct updatesSign up for free
Search…
Snyk User Documentation
Introducing Snyk
Getting started
Snyk Web UI
Snyk CLI
Snyk API
Snyk for IDEs
Snyk Apps
Snyk Integrations
SNYK PRODUCTS
Snyk Open Source
Snyk Code
Snyk Container
Snyk Infrastructure as Code
Snyk Cloud
USING SNYK
Snyk Broker
User and group management
Managing authentication
Setting up Single Sign-On (SSO) for authentication
Choose a provisioning option
Set up Snyk Single Sign-On (SSO)
Self Serve Single Sign-On (SSO)
Custom Mapping Option
Example: Setting up custom mapping for Okta
Example: Setting up custom mapping for Azure AD
Identity Provider (IdP) migration
Example: Setting up OIDC Okta app with custom claims
Managing users & permissions
Managing groups & organizations
Structure account for high application performance
Managing notifications
Managing settings
Fixing and prioritizing issues
Snyk reports
Snyk Tools
SNYK INFO
Disclosing vulnerabilities
How Snyk handles your data
Data residency at Snyk
Snyk feature release process
Snyk Partner workshops
Error Catalog
Powered By GitBook
Setting up Single Sign-On (SSO) for authentication
Feature availability This feature is available with Business and Enterprise customers. See pricing plans for more details.

You can take advantage of your company's existing identity management systems, and have employees sign in to Snyk using their corporate identity. This makes provisioning Snyk to users easier. It also allows for deeper integration for group and organization membership, role-based access, and more.
Snyk can integrate with any SAML-based and OpenID Connect (OIDC)-based SSO, as well as ADFS. You can also use your Enterprise Identity Provider for SSO, including Azure AD and Google G Suite. Read more about SAML in the Auth0 documentation.

With SSO configured, users are provisioned with a new Snyk account when they first sign on through SSO, even if they previously created their own account.
The sign on process includes these steps:
  1. 1.
    When a user selects SSO from Snyk.io to log in, they are redirected to (and authenticated) by the identity provider you requested.
  2. 2.
    The identity provider communicates this authentication to Snyk servers, sending relevant data to Snyk in order to create each user.
  3. 3.
    Snyk checks the directory for that user.
  4. 4.
    If the user is already configured, Snyk enables the appropriate access. For a new user, Snyk adds the user to the directory, and then redirects them to Snyk.io with the appropriate access.

Previous
Authentication for third-party tools
Next
Choose a provisioning option
Last modified 3mo ago
Export as PDF
Copy link
Edit on GitHub
On this page
Introduction
User authentication and provisioning
Also see