---
title: "Cloudsmith’s CLI now supports authenticating with SAML single sign-on"
description: ""
canonical_url: "https://cloudsmith.com/changelog/cloudsmiths-cli-now-supports-authenticating-with-saml-single-sign_on"
last_updated: "2024-10-10T17:31:00.000Z"
---
# Cloudsmith’s CLI now supports authenticating with SAML single sign-on

The latest version of the Cloudsmith command-line interface (CLI) now supports authenticating your Cloudsmith account with SAML single sign-on. 🌟 This is useful for users who do not have a username and password and who primarily interact with Cloudsmith through the CLI, as you no longer have to go to the web application to retrieve your API key. 🎉

### What’s changed

Previously, the only way to authenticate to Cloudsmith via the CLI was using the **cloudsmith login** command, which requires a username and password. However, users who authenticate via SAML single sign-on do not have passwords configured for their accounts. Instead, those users had to log into the Cloudsmith web application and retrieve their API key.

Now, the Cloudsmith CLI supports a new command:

```json
{
  "_key": "0589b0bee509",
  "_type": "code",
  "code": "cloudsmith auth",
  "filename": null,
  "language": "sh",
  "markDefs": null
}
```

### How it works

When you use the new **cloudsmith auth** command, the Cloudsmith CLI will:

- Get the identity provider URL that is configured for the user’s organization.
- Open the identity provider URL in your browser to begin the authentication process.
   - If you are already signed in, authentication will complete.
   - If you are not signed in, you will be prompted to authenticate with your organization’s identity provider.
   - If your user account requires two-factor authentication, you will be prompted to enter your 2FA token
- Once authentication is complete, the CLI is issued an access token for your account.
   - This ephemeral token is valid for two hours.
   - The access token is stored securely within the user’s operating system credential storage mechanism
- The CLI will attempt to refresh the access token while the CLI is in use.
   - If the access token has expired, users can perform **cloudsmith auth** to re-authenticate.

### Getting started 🚀

To get started, download the latest version of the Cloudsmith CLI from either [Cloudsmith](https://cloudsmith.io/~cloudsmith/repos/cli/packages/) or [PyPi](https://pypi.org/project/cloudsmith-cli/). Note: The **cloudsmith auth** command is available from version 1.3.1. For more help with using the Cloudsmith CLI, please check out [our documentation](https://help.cloudsmith.io/docs/cli).
