Configure SAML SSO

Set up SAML SSO for your organization

Prerequisites

To configure SAML SSO, you need an active CoreWeave account and admin permissions.

Configure SAML SSO for your organization

SAML SSO policies for CKS can be configured manually or by using a metadata URL.

To begin configuring SAML SSO either manually or with a metadata URL, Expand the IAM button and then select the SAML SSO button:

Important

SAML responses and assertions must both be signed by your IdP.

Configure manually

Configure SSO manually

Before configuring the SSO policy manually, you'll need the following information from your identity provider (IdP):

• The IdP's SSO URL
• The IdP's unique Entity ID
• A x.509 security certificate provided by your IdP

To configure SSO manually, do the following:

1. Select Manual Configuration:
2. Enter the SSO URL, the Entity ID, and the provided X.509 Security Certificate.
3. Click the Next button.
4. Confirm the information in the dialog boxes is correct.
5. Click the Deploy SSO button to activate the policy.

After deploying the SSO policy, you must add specific attributes to the IdP. For more information, see the Add attributes to the IdP section below.

Configure with metadata

Configure SSO using a metadata URL

To configure SSO using an SSO metadata URL, obtain the SSO metadata URL and do the following:

1. Select Metadata URL:
2. Enter the metadata URL.
3. Click the Next button.
4. Confirm the information in the dialog boxes is correct.
5. Click the Deploy SSO button to enable the policy.

After deploying the SSO policy, you must add specific attributes to the IdP. For more information, see the Add attributes to the IdP section below.

Add attributes to the IdP

After deploying the SSO policy, you must add the following attributes to your IdP:

Key	Description
email	User's email (unique identifier)
first_name	User's first name
last_name	User's last name

Manage the SSO policy

Once the SSO policy is deployed, the configuration dialog displays the policy's information and lets you manage it using the following buttons: Disable SAML, Enable SAML, and Edit.

Accessing the SSO Login Page

After you configure SSO for your organization, direct users to log in using your organization's dedicated SSO login URL.

The SSO login URL follows a standard format that includes your organization's unique ID directly before the final /login path segment.

To access the SSO login URL, do the following:

1. Find your organization's ID from Account Settings in the Cloud Console.

2. Replace ORG_ID in the example below with your Org ID.

   https://console.coreweave.com/accounts/saml/ORG_ID/login
   Replace `ORG_ID` with your organization's ID.

   Example

   If your organization ID is abc123, your SSO login URL would be:

   https://console.coreweave.com/accounts/saml/abc123/login

3. Share this URL with your team so they can log in using your SSO configuration.