SSO

Configure Single Sign-On on CoreWeave Cloud

Single Sign-On, commonly referred to as SSO, is an authentication scheme that allows the users in an organization to authenticate to CoreWeave Cloud from the same identity provider (IDP) used to log in to other organization-wide apps. Single Sign-On enhances security, and makes for a smoother log-in experience for your team.

CoreWeave organization admins can configure SSO from the admin dashboard on the Cloud UI.

Currently, the following IDPs are supported:

Okta

JumpCloud

Generic IDP

A single organization may have multiple SSO configurations, which is convenient in situations where multiple IDPs are used for different sets of users or teams.

Create a new SSO configuration

important

Only CoreWeave organization admins may configure SSO for an organization. Additionally, the creator of the organization will not be able to log in using SSO - this is to ensure that admins do not get locked out of CoreWeave Cloud, in the event that an SSO configuration encounters an issue.

To add or edit SSO configurations, first log in to your CoreWeave Cloud account, then navigate to the Organization Management page. Below the Users section, find the SSO Configurations section.

The SSO Configurations area on the CoreWeave Cloud UI

To add a new configuration, click the Add Configuration button. To edit an existing configuration, select the pencil icon under the Actions column to the right of the configuration name.

The SAML SSO modal

The SAML SSO Setup modal

Adding or editing a configuration is done through the SAML SSO Setup modal. All SSO configurations are similar across IDPs, so most require the same information and the same process:

• Create a new SSO configuration
  • The SAML SSO modal
  • Select an Identity Provider (IDP)
  • Configure the IDP
  • Configure CoreWeave SSO
  • Activate the SSO configuration

Select an Identity Provider (IDP)

The IDP selector menu

From the Your IDP drop-down menu, select your IDP.

Configure the IDP

The CoreWeave-specific configuration values in the SSO module

The Assertion Consumer Service (ACS) URL and the service provider (SP) entity ID are provided in the following two fields. These values are required to complete your IDP's configuration.

Configure CoreWeave SSO

IDP-provided fields, and the Display Name, in the SSO module

The fields Entity ID provided by the IDP, Single Sign-On URL, and X.509 Certificate provided by IDP are provided by your IDP. See the guide for JumpCloud, Okta, or the generic IDP setup instructions for further details.

note

See the IDP-specific configuration documentation for more information on these fields.

Finally, provide a name for the SSO configuration in the Display Name field that will make the configuration easy to identify.

Activate the SSO configuration

Check the "Configuration Active" box to turn on the SSO configuration

Finally, once the other fields are complete, ensure the Configuration Active checkbox is checked before clicking the Save button. Checking this box, then clicking Save, will turn the SSO configuration on.