Single Sign-On (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. Bytebase supports the following standard protocols that provide SSO:

Prerequisites

Configure External URL.

Create SSO provider

As a Workspace Admin, you can create a SSO provider following the steps below:
  1. In Workspace, go to IAM & Admin -> SSO from left side bar.
  2. Click Create to start creating SSO.
  3. Fill in all the required fields. create-sso-dialog
  4. Test Connection on bottom left.
  5. If successfully connected, click Update on bottom right.

Sign in with SSO

Bytebase employs JIT (Just-In-Time) user provisioning. It will create the user the first time the user signs in.
Once a valid SSO has been created, you can choose to sign in with the configured SSO provider. sign-in-with-github

Enforce SSO Sign-in

As Workspace Admin, you can enforce SSO sign-in for all users in Workspace. In Workspace, go to Settings > General, scroll down to Account section and switch on Disallow signin with email & password. Then users can only sign in with SSO. disallow-emailpass-only-sso Afterwards, when the user tries to sign in, the only option is to sign in with the configured SSO provider. only-sso In case of emergency, the admin can log in by navigating to <YOUR_URL>/auth/admin and entering the email and password.