Skip to main content

Configure SAML/SSO

Set up SAML/SSO for your organization

Prerequisites

This guide presumes you have an active CoreWeave account and admin permissions.

Configure SAML/SSO for your organization

Beneath the "Users" and "Groups" pages on the right-hand navigation, administrators are presented a third link labeled "SSO." Only users belonging to the admin group on the Cloud Console can configure SSO.

Here, administrators configure and enable an SSO policy for their organization. An SSO policy may either be configured manually using the Manual Configuration modal, where IdP information is manually entered, or, policy information may be submitted using a metadata URL by clicking the Metadata URL tab and entering the URL provided by your IdP.

Configure SSO manually

To configure SSO manually, you must have the following information from your identity provider (IdP):

  • The IdP's SSO URL
  • The IdP's unique Entity ID
  • A x.509 security certificate provided by your IdP

To configure the policy manually:

  1. From the SSO configuration screen, enter the SSO URL, the Entity ID, and the provided X.509 Security Certificate.
  2. Click the Next button.
  3. Confirm that the information as displayed is correct.
  4. Click the Deploy SSO button to activate the policy.

Configure SSO using a metadata URL

If your IdP has provided an SSO metadata URL, an administrator can use this to configure SSO instead.

  1. From the SSO configuration screen, click the Metadata URL tab.
  2. Enter the metadata URL.
  3. Click the Next button.
  4. Confirm the information as displayed is correct.
  5. Click the Deploy SSO button to enable the policy.

Add attributes to the IdP

After the SSO policy is deployed, you must add the following attributes to your IdP:

NameValue
emailuser.email
loginuser.login
first_nameuser.first_name
last_nameuser.last_name

Manage the SSO policy

Once an SSO policy is deployed, the SSO page contains its information. The policy may then be disabled, re-enabled (if disabled), or the policy may be edited from the SSO page.

Accessing the SSO Login Page

After you configure Single Sign-On (SSO) for your organization, direct users to log in using your organization's dedicated SSO login URL.

This URL follows a standard format that includes your organization's unique ID directly before the final /login path segment. Replace the ORG_ID placeholder in the example below with your actual organization ID, which you can find under Account Settings in the Cloud Console.

https://console.coreweave.com/accounts/saml/ORG_ID/login
Replace `ORG_ID` with your organization's ID.

Example

If your organization ID is abc123, your SSO login URL would be:

https://console.coreweave.com/accounts/saml/abc123/login

Share this URL with your team so they can log in using your SSO configuration.