Configure SAML SSO
Set up SAML SSO for your organization
Prerequisites
To configure SAML SSO, you need an active CoreWeave account and admin permissions.
Configure SAML SSO for your organization
SAML SSO policies for CKS can be configured manually or by using a metadata URL.
To begin configuring SAML SSO either manually or with a metadata URL, Expand the IAM button and then select the SAML SSO button:
SAML responses and assertions must both be signed by your IdP.
- Configure manually
- Configure with metadata
Configure SSO manually
Before configuring the SSO policy manually, you'll need the following information from your identity provider (IdP):
- The IdP's SSO URL
- The IdP's unique Entity ID
- A x.509 security certificate provided by your IdP
To configure SSO manually, do the following:
- Select Manual Configuration:
- Enter the SSO URL, the Entity ID, and the provided X.509 Security Certificate.
- Click the Next button.
- Confirm the information in the dialog boxes is correct.
- Click the Deploy SSO button to activate the policy.
After deploying the SSO policy, you must add specific attributes to the IdP. For more information, see the Add attributes to the IdP section below.
Configure SSO using a metadata URL
To configure SSO using an SSO metadata URL, obtain the SSO metadata URL and do the following:
- Select Metadata URL:
- Enter the metadata URL.
- Click the Next button.
- Confirm the information in the dialog boxes is correct.
- Click the Deploy SSO button to enable the policy.
After deploying the SSO policy, you must add specific attributes to the IdP. For more information, see the Add attributes to the IdP section below.
Add attributes to the IdP
After deploying the SSO policy, you must add the following attributes to your IdP:
Key | Description |
---|---|
email | User's email (unique identifier) |
first_name | User's first name |
last_name | User's last name |
Manage the SSO policy
Once the SSO policy is deployed, the configuration dialog displays the policy's information and lets you manage it using the following buttons: Disable SAML, Enable SAML, and Edit.
Accessing the SSO Login Page
After you configure SSO for your organization, direct users to log in using your organization's dedicated SSO login URL.
The SSO login URL follows a standard format that includes your organization's unique ID directly before the final /login
path segment.
To access the SSO login URL, do the following:
-
Find your organization's ID from Account Settings in the Cloud Console.
-
Replace
ORG_ID
in the example below with your Org ID.https://console.coreweave.com/accounts/saml/ORG_ID/loginReplace `ORG_ID` with your organization's ID.Example
If your organization ID is
abc123
, your SSO login URL would be:https://console.coreweave.com/accounts/saml/abc123/login -
Share this URL with your team so they can log in using your SSO configuration.