Configure SAML/SSO
Set up SAML/SSO for your organization
Prerequisites
This guide presumes you have an active CoreWeave account and admin permissions.
Configure SAML/SSO for your organization
Beneath the "Users" and "Groups" pages on the right-hand navigation, administrators are presented a third link labeled "SSO." Only users belonging to the admin group on the Cloud Console can configure SSO.
Here, administrators configure and enable an SSO policy for their organization. An SSO policy may either be configured manually using the Manual Configuration modal, where IdP information is manually entered, or, policy information may be submitted using a metadata URL by clicking the Metadata URL tab and entering the URL provided by your IdP.
Configure SSO manually
To configure SSO manually, you must have the following information from your identity provider (IdP):
- The IdP's SSO URL
- The IdP's unique Entity ID
- A x.509 security certificate provided by your IdP
To configure the policy manually:
- From the SSO configuration screen, enter the SSO URL, the Entity ID, and the provided X.509 Security Certificate.
- Click the Next button.
- Confirm that the information as displayed is correct.
- Click the Deploy SSO button to activate the policy.
Configure SSO using a metadata URL
If your IdP has provided an SSO metadata URL, an administrator can use this to configure SSO instead.
- From the SSO configuration screen, click the Metadata URL tab.
- Enter the metadata URL.
- Click the Next button.
- Confirm the information as displayed is correct.
- Click the Deploy SSO button to enable the policy.
Add attributes to the IdP
After the SSO policy is deployed, you must add the following attributes to your IdP:
| Name | Value |
|---|---|
email | user.email |
login | user.login |
first_name | user.first_name |
last_name | user.last_name |
Manage the SSO policy
Once an SSO policy is deployed, the SSO page contains its information. The policy may then be disabled, re-enabled (if disabled), or the policy may be edited from the SSO page.
