Enable SSO provider logins for Teams
It would be helpful to let a team admin restrict login methods for their members. For example, a team could force its members to only log on with our supported SSO methods.
We'd like to support at least Okta for this.
marked this post as
+1 for being able to force login with a Google Workspace SSO. It's already how we encourage our team to log in but I would like to make it impossible to use other login methods like with a password or with GitHub. This would help with security (we enforce 2FA with our Google Workspace SSO).
Additionally, be able to provision new users signing in with the company email domain to the team the first time they sign in.
Hi Jade Paoletta, Anurag Goel, danielle, Olivier Tassinari, Waseem Daher,
Pricing question:Would SAML SSO be in Render's Individual, Team, Organization and/or Enterprise Plan?
Various companies price SAML SSO differently.
• GitHub offers SAML SSO in Enterprise plan
only— SAML SSO is
unavailablein Free and Team plans
• Whereas GitLab offers SAML SSO in
allplans — SAML SSO is
availablein Free, Premium and Ultimate plans
Feedback aboutJade Paoletta's reply:
> "Additionally, be able to provision new users signing in with the company email domain to the team the first time they sign in."
That Provisioning aspect describes SCIM SSO.
Having evaluated SSO and SCIM in different contexts
(outside of Render), I
empathizewith the challenges when grokking security acronyms.
It took me awhile to grok the differences between SAML and SCIM protocols, and this is a summary:
SSOis a protocol for authentication — Sign in / Logout
SSOis a protocol for provisioning — Automated User Management
This is basically a security request from my side: if an employee were to leave the company, we'd want to make it easy/automatic to revoke their access to our environment. The easiest way to do that is to basically require them to log in via OAuth (or via SSO with a provider like Okta).