EN 日本語
GitHub

SAML SSO in organizations

Organization members can log into or sign up to Bitrise using their own SAML SSO provider’s system. With SAML SSO, Organizations will be able to apply the security guidelines of their SAML SSO provider when accessing their Bitrise Organization.

SAML SSO with Org Elite subscription

Please note that SAML SSO is only available for Organizations with Org Elite subscription. If you try to set up SAML SSO to an Organization that has an Org Standard subscription, Single Sign On will appear on the left menu bar in your Account Settings but you won’t be able to use it. Click Upgrade to Org Elite in the pop-up window to use SAML SSO in your organization.

Since the SAML SSO feature is tied to the Org Elite plan, if you decide to downgrade from it, you will lose this feature. All Organization members will receive an email about the downgrade and you’ll have two weeks to re-upgrade to the Org Elite plan if you wish to use SAML SSO in your Org.

Before connecting SAML SSO to your Organization, make sure:

Guides on SAML SSO providers

Check out our guides on how to set up SAML SSO with the following SAML SSO providers:

Setting up SAML SSO for a Bitrise Organization

In this tutorial, we describe how Organization owners can set up their SAML SSO and invite Organization members to set up their own connections.

  1. Go to your Organization’s Single Sign On tab on bitrise.io.
  2. Copy the Single Sign-On URL. You will need this URL to add Bitrise on your SAML SSO provider’s site.
  3. Log into your own SAML SSO provider.
  4. Add Bitrise using the copied Single Sign-On URL. You’re generating your Single Sign-On (SSO) credentials here which you will need in a minute on Bitrise.
  5. Add the generated SSO credentials to the Identity provider sign-on URL and Certificate fields on the Single Sign On tab.
  6. Click the Configure SSO button.

If you’ve completed the steps, you and org members should get a verification email about SAML SSO connected to the respective organization.

Enabling SAML SSO

Now that the Organization owner has set up SAML SSO, everyone in the Organization has to enable SAML SSO before logging into their org via SAML SSO.

  1. Make sure you’re logged into Bitrise in the usual way. Use the same browser window to continue.

  2. Bitrise sends a verification e-mail to all Organization members. This email contains a Sign In via SSO button and a URL. Organization members are prompted to sign in to Bitrise by clicking the Sign In via SSO button or using the provided URL.

    The email also shows the Organization owner’s email address (should you need to contact them.)

    Click the Sign In via SSO button or copy-paste the URL to a NEW TAB of the same browser.

  3. Now you are redirected to your SAML SSO provider’s site where you have to provide your email address associated with your Bitrise Organization.

    If you provide a different Bitrise email address on your SAML SSO provider’s site which is not related to that particular Organization, you will get the below error message. Log in with the right email address of the Organization.

  4. You’re directed to the Allow “organization name” to sign you in page.

If all went well, you should be landing on our Bitrise Dashboard.

Checking SAML SSO statuses on Bitrise

Now that the Organization owner has set up SAML SSO for the Organization and all org members (including the owner) have enabled their SAML SSO, everyone in the org can check their SAML SSO statuses.

The Single Sign-On tab is only available for the Organization owner. Let’s see what else an Organization owner can see on the tab!

  1. Go to your Organization’s profile page.

  2. Click Single Sign On on the left menu.

    You will see the Review Users and the Disable SSO buttons:

    Disable SSO disables SAML SSO for all Organization members. Once disabled, org members will be able to sign in with the regular sign-in procedure. Please note that an individual org member can only be disabled at your own SAML SSO provider’s site!

    Review Users takes you from the Single Sign On tab to the People tab where you can check the Organization member’s SAML SSO status.

Organization members cannot access the Single Sign-On tab, but they can check their and other Organization members’ SAML SSO status under Members on the People tab.

About SAML SSO enforcement

Enforcing SAML SSO on your Organization provides an extra layer of security: you can enforce your own security guidelines to your Bitrise Organization (for example, password format requirements, two-factor authentication). This will make SAML SSO the only way for logging in/singing up to the Organization. If you invite more org members to a SAML-enforced Organization, they’ll have to enable their SAML SSO connection first to join the Organization.

Enforcing SAML SSO on an Organization

Once all Organization members have enabled their SAML SSO related to the Organization, the owner can enforce SAML SSO on the Organization with a simple toggle.

  1. Go to your Organization’s Single Sign On tab.
  2. Toggle the switch to the right to enforce SAML SSO.
  3. Click Save Changes.

Now Organization members can only log in via SAML SSO.

Can’t enforce SAML SSO on your Organization?

In some cases the Organization owner cannot enforce SAML SSO on the Organization because Organization members have not enabled their SAML SSO connection yet.

Logging in via SSO with a Bitrise account

If SAML SSO connection has been already added to your Organization and you are currently logged out of Bitrise, you can easily log into your Organization.

  1. Click Login via SSO on our login page.
  2. You will be redirected to the Initiate Single Sign-on page.
  3. Provide your Organization name.
  4. Click Continue to log in. You will be redirected to your own SSO provider’s page.
  5. Provide your email address associated with the Organization in Bitrise and follow your SAML SSO provider’s instructions.

Expired SAML SSO certificate

If your SAML SSO certificate has expired and you cannot log into Bitrise through SAML SSO, we advise you to contact our Support team, who will be happy to assist you

Logging in via SSO without a Bitrise account

If you do not have a Bitrise account yet and an Organization owner invites you to their Organization via email, you can easily sign up to Bitrise and connect to the respective Organization! Our Sign In via SSO email is Organization-specific so you’re just a couple of clicks away from accessing the right Bitrise Organization!

  1. Find the invitation email you got from Bitrise (letsconnect@bitrise.io) in your mailbox.

    (If you received an URL instead of an email from the Organization owner, have no fear! Opening the link in a new tab will take you to the Almost there… page. Follow the instructions there. You will receive a confirmation email from Bitrise which will include a link to complete the sign-up procedure.)

  2. Click Sign In via SSO or copy the provided URL in a new tab to acknowledge the connection. You will be redirected to your own SAML SSO provider’s site.
  3. Provide your email address. (It should be the same email address where you received the invitation.)
  4. Follow your SAML SSO provider’s instructions.
  5. You will be redirected to our Almost there… page.
  6. Provide a username you wish to use in Bitrise.
  7. Click Finish Signing Up to complete your sign up.

If all goes well, you land on our Bitrise Dashboard.

Disabling SAML SSO

Organization owners can disable an established SAML SSO for the Organization with a click of a button on the Single Sign On tab. Please note that if you delete someone from your IDP, you have to delete that Organization member from Bitrise as well.

Disabling an Organization’s SAML SSO

  1. Go to the Single Sign On tab of your Organization.

  2. Click Disable SSO.

    A confirmation pop-up appears where you can confirm/cancel your action. Please note that by clicking the Disable SSO button, you will disable SAML SSO for all Organization members. Once it’s done, org members will be able to log in through their normal Bitrise credentials.

You will receive an SSO has been disabled email from Bitrise (letsconnect@bitrise.io) which confirms the disabled SAML SSO for the Organization.

Disabling one Organization member’s SAML SSO

Please note if you click the x next to an Organization member’s name, you remove that person from the Organization but their SAML SSO is yet to be disabled!

  1. Go to your SAML SSO provider’s site.
  2. Disable the Organization member there. Please note that if you fail to do this, the org member will able to re-authenticate again to Bitrise using the IDP connection.

Related articles
How to change the owner of an app?

It can happen that you need to transfer an Application on Bitrise to another User or to an Organization. This can be done in a few seconds via a few...
Organization FAQ

Organizations are used to seamlessly manage bigger teams and members inside a company. It is a place to gather all the people working on each of your company's apps and...
Adding a new team member

Once you have your app set up, you can start inviting team members! You can select multiple roles for the new members, like: admin, developer, and qa/tester. Different roles have...
Changing the owner of an app

It can happen that you need to transfer an application on Bitrise to another user. This can be done in a few seconds by following a few quick steps.