Organization members can log into or sign up to Bitrise using their own SAML SSO provider’s system. With SAML SSO, organizations will be able to apply the security guidelines of their SAML SSO provider when accessing their Bitrise organization.
Before connecting SAML SSO to your organization, make sure:
- you have a SAML SSO provider (Identity Provider) that you can connect Bitrise to.
- your account on Bitrise has an organization. If it doesn’t have an organization, go ahead and create one. Setting up SAML SSO is the same for existing and brand new organizations on Bitrise.
- as with other organization management actions, only the organization owner can set up SAML SSO to a Bitrise organization.
In this guide we cover the following topics:
- Setting up SAML SSO for a Bitrise organization
- Enabling SAML SSO
- Checking SAML SSO statuses on Bitrise
- About SAML SSO enforcement
- Logging in via SSO with a Bitrise account
- Logging in via SSO without a Bitrise account
- Disabling SAML SSO
Setting up SAML SSO for a Bitrise organization
In this tutorial, we describe how organization owners can set up their SAML SSO and invite organization members to set up their own connections.
- Go to your organization’s Single Sign On tab on bitrise.io.
- Copy the Single Sign-On URL. You will need this URL to add Bitrise on your SAML SSO provider’s site.
- Log into your own SAML SSO provider.
- Add Bitrise using the copied Single Sign-On URL. You’re generating your Single Sign-On (SSO) credentials here which you will need in a minute on Bitrise.
- Add the generated SSO credentials to the Identity provider sign-on URL and Certificate fields on the Single Sign On tab.
- Click the
If you’ve completed the steps, you and the org members should get a verification email about SAML SSO being connected to the respective organization.
Enabling SAML SSO
Now that the org owner has set up SAML SSO, everyone in the organization has to enable SAML SSO before logging into their org via SAML SSO.
Bitrise sends a verification e-mail to all organization members. This email contains a Sign In via SSO button and a URL. Org members are prompted to sign in to Bitrise by clicking the Sign In via SSO button or using the provided URL.
The email also shows the org owner’s email address (should you need to contact him/her).
Now you are redirected to your SAML SSO provider’s site where you have to provide your email address associated with your Bitrise organization.
If you provide a different Bitrise email address on your SAML SSO provider’s site which is not related to that particular organization, you will get the below error message. Log in with the right email address of the organization.
You’re directed to the Allow "organization name" to sign you in page.
- Click Authorize if you trust the organization to control your Bitrise account sign-in process. Note that once you click Authorize, you’ll only be able to authenticate this account via SAML SSO.
- Click Don't allow if the invitation email is from an untrusted source.
If all went well, you should land on our Bitrise Dashboard.
Checking SAML SSO statuses on Bitrise
Now that the org owner has set up SAML SSO for the organization and all org members (including the owner) have enabled their SAML SSO, everyone in the org can check their SAML SSO statuses.
The Single Sign-On tab is only available for the org owner. Let’s see what else an org owner can see on the tab!
- Go to your organization’s profile page.
- Click Single Sign On on the left menu.
You will see the Review Users and the
Disable SSO disables SAML SSO for all org members. Once disabled, org members will be able to sign in with the regular sign-in procedure. Please note that an individual org member can only be disabled at your own SAML SSO provider’s site!
Review Users takes you from the Single Sign On tab to the People tab where you can check the org member’s SAML SSO status.
SAML SSO IS ENABLED: Login via SAML SSO is enabled.
SAML SSO IS DISABLED: The org member has not enabled SSO connection through the Sign in via SSO button. To enable it, the org member has to follow the instructions in the verification email from Bitrise.
Organization members cannot access the Single Sign-On tab, but they can check their and other org members’ SAML SSO status under Members on the
About SAML SSO enforcement
Enforcing SAML SSO on your organization provides an extra layer of security: you can enforce your own security guidelines on your Bitrise organization (for example, password format requirements, two-factor authentication). This will make SAML SSO the only way of logging in/signing up to the organization. If you invite more org members to a SAML-enforced organization, they’ll have to enable their SAML SSO connection first to join the organization.
Enforcing SAML SSO on an organization
Once all org members have enabled their SAML SSO related to the organization, the owner can enforce SAML SSO on the organization with a simple toggle.
- Go to your organization’s Single Sign On tab.
- Toggle the switch to the right to enforce SAML SSO.
Now org members can only log in via SAML SSO.
Can’t enforce SAML SSO on your organization?
In some cases the org owner cannot enforce SAML SSO on the organization because org members have not enabled their SAML SSO connection yet.
An org member fails to enable SAML SSO on their part:
The owner can remove the org member from the organization and complete the enforcement process for the rest of the organization.
An org member tried to enable SAML SSO with another organization:
The owner can send the login URL to the org member who can follow the instructions to enable SAML SSO to the right organization.
Logging in via SSO with a Bitrise account
If a SAML SSO connection has already been added to your organization and you are currently logged out of Bitrise, you can easily log into your organization.
- Click Login via SSO on our login page.
- You will be redirected to the Initiate Single Sign-on page.
- Provide your organization name.
- Click Continue to log in. You will be redirected to your own SSO provider’s page.
- Provide your email address associated with the organization in Bitrise and follow your SAML SSO provider’s instructions.
Logging in via SSO without a Bitrise account
If you do not have a Bitrise account yet and an org owner invites you to his/her organization via email, you can easily sign up to Bitrise and connect to the respective organization! Our Sign In via SSO email is organization-specific so you’re just a couple of clicks away from accessing the right Bitrise organization!
- Find the invitation email you got from Bitrise (firstname.lastname@example.org) in your mailbox.
(If you received a URL instead of an email from the org owner, have no fear! Opening the link in a new tab will take you to the Almost there... page. Follow the instructions there. You will receive a confirmation email from Bitrise which will include a link to complete the sign-up procedure.)
- Click Sign In via SSO or copy the provided URL into a new tab to acknowledge the connection. You will be redirected to your own SAML SSO provider’s site.
- Provide your email address. (It should be the same email address where you received the invitation.)
- Follow your SAML SSO provider’s instructions.
- You will be redirected to our
- Provide a username you wish to use in Bitrise.
- Click Finish Signing Up to complete your sign-up.
If all goes well, you land on our Bitrise Dashboard.
Disabling SAML SSO
Org owners can disable an established SAML SSO for the organization with a click of a button on the Single Sign On tab. Please note that if you delete someone from your IdP, you have to delete that org member from Bitrise as well.
Disabling an organization’s SAML SSO
- Go to the Single Sign On tab of your organization.
A confirmation pop-up appears where you can confirm/cancel your action. Please note that by clicking the Disable SSO button, you will disable SAML SSO for all organization members. Once it’s done, org members will be able to log in through their normal Bitrise credentials.
You will receive an SSO has been disabled email from Bitrise (email@example.com) which confirms the disabled SAML SSO for the organization.
Disabling one org member’s SAML SSO
Please note if you click the x next to an org member’s name, you remove that person from the organization but his/her SAML SSO is yet to be disabled!
- Go to your SAML SSO provider’s site.
- Disable the org member there. Please note that if you fail to do this, the org member will be able to re-authenticate to Bitrise using the IdP connection.
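
The enforcement precondition (every member has enabled SAML SSO) and the offboarding notes above (remove the person in both Bitrise and the IdP) can be checked together by comparing the two member lists. The following is an added example, not Bitrise code: the CSV column names, the function names and the sample data are assumptions constructed for illustration, and only the status strings come from the People tab described above.

```python
import csv
import io

# Constructed sample exports. The column names are assumptions for this
# example, not a Bitrise or identity provider export format.
BITRISE_MEMBERS = """email,sso_status
alice@example.com,SAML SSO IS ENABLED
Bob@Example.com,SAML SSO IS DISABLED
carol@example.com,SAML SSO IS ENABLED
"""
IDP_USERS = """email,active
alice@example.com,true
bob@example.com,true
carol@example.com,false
dave@example.com,true
"""
# Constructed list of people already removed from the Bitrise organization.
REMOVED_FROM_ORG = ["Dave@example.com"]


def norm(email):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return email.strip().lower()


def load(text, value_column):
    """Map normalized email -> value of the given column."""
    rows = csv.DictReader(io.StringIO(text))
    return {norm(r["email"]): r[value_column].strip() for r in rows}


def reconcile(members_csv, idp_csv, removed_from_org):
    members = load(members_csv, "sso_status")
    idp = load(idp_csv, "active")
    active = {e for e, flag in idp.items() if flag.lower() == "true"}
    return {
        # Members who still block enforcement of SAML SSO.
        "sso_not_enabled": sorted(
            e for e, s in members.items() if s != "SAML SSO IS ENABLED"),
        # Gone or deactivated at the IdP but still a Bitrise org member.
        "remove_from_bitrise": sorted(e for e in members if e not in active),
        # Removed from the org but still able to authenticate through the IdP.
        "disable_at_idp": sorted(
            {norm(e) for e in removed_from_org} & active),
    }


if __name__ == "__main__":
    for finding, emails in reconcile(
            BITRISE_MEMBERS, IDP_USERS, REMOVED_FROM_ORG).items():
        print(f"{finding}: {', '.join(emails) or 'none'}")
```

An empty sso_not_enabled list means the enforcement toggle should be available; any entry under the other two keys is an account that exists on one side only and needs the matching removal on the other.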