Single sign-on

How to integrate with SAML SSO

Enterprise customers can use their existing identity management systems so that employees sign in to Snyk with their corporate identity. This greatly eases user provisioning and allows deeper integration with Snyk org membership, role-based access, and so on.

The most common SSO protocol is SAML. To enable SAML SSO, Snyk and the customer go through a standard trust-establishing procedure in which the following information is exchanged:

Snyk to Customer:

  1. Entity ID (such as urn:auth0:snyk:customer-name)
  2. ACS URL (such as https://snyk.auth0.com/login/callback)
  3. X509 Signing Certificate for SAML assertions (such as https://snyk.auth0.com/pem)

Customer to Snyk:

  1. Sign-In URL
  2. X509 Signing Certificate (Identity Provider public key encoded in PEM or CER format)
  3. Sign-Out URL (optional, recommended)
  4. User id attribute (optional, default is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier)
  5. Protocol binding (HTTP-POST is recommended, HTTP-Redirect is also supported)
  6. Whether or not IdP-initiated flow is supported (recommended)
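
If your identity provider publishes SAML 2.0 metadata, the Sign-In URL, signing certificate, Sign-Out URL and protocol binding from the list above can be read from it instead of being copied by hand. The following Python is an added example, not Snyk's code; the function names, the idp.example.com URLs and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import ssl
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample (idp.example.com, placeholder certificate bytes); helper names are illustrative.
SAMPLE_METADATA = f"""<md:EntityDescriptor entityID="https://idp.example.com/saml"
    xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXItY2VydA==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{BINDINGS}HTTP-Redirect" Location="https://idp.example.com/slo"/>
    <md:SingleSignOnService Binding="{BINDINGS}HTTP-Redirect" Location="https://idp.example.com/sso"/>
    <md:SingleSignOnService Binding="{BINDINGS}HTTP-POST" Location="https://idp.example.com/sso-post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def _endpoint(idp, tag):
    """Return (binding, location) for tag, preferring HTTP-POST over HTTP-Redirect."""
    found = {e.get("Binding"): e.get("Location") for e in idp.findall(f"md:{tag}", NS)}
    for name in ("HTTP-POST", "HTTP-Redirect"):
        if found.get(BINDINGS + name):
            return name, found[BINDINGS + name]
    return None, None

def idp_details(metadata_xml):
    """Extract the customer-to-Snyk values from SAML 2.0 IdP metadata."""
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: not IdP metadata")
    binding, sign_in = _endpoint(idp, "SingleSignOnService")
    if not (sign_in or "").startswith("https://"):
        raise ValueError("no HTTPS Sign-In URL for HTTP-POST or HTTP-Redirect")
    certs = [c.text for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")  # skip encryption-only keys
             for c in k.findall(".//ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    der = base64.b64decode("".join(certs[0].split()))
    return {"sign_in_url": sign_in, "protocol_binding": binding,
            "sign_out_url": _endpoint(idp, "SingleLogoutService")[1],  # optional
            "certificate_pem": ssl.DER_cert_to_PEM_cert(der),
            "certificate_sha256": hashlib.sha256(der).hexdigest()}

if __name__ == "__main__":
    print(idp_details(SAMPLE_METADATA))
```

The certificate is only re-encoded to PEM and fingerprinted, not validated, so check its subject and expiry separately before sending it. The user id attribute and IdP-initiated support are not read from the metadata here.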

Reach out to us at support@snyk.io with the details above to kick off the SAML integration!