Integrations/OneLogin SSO

Secure artifact access with OneLogin SSO

Connect Cloudsmith to OneLogin via SAML to give your teams frictionless, policy-controlled access to your artifact repositories. Pair it with SCIM to automate user provisioning and de-provisioning as your organisation grows.

How we support OneLogin SSO

Cloudsmith integrates with OneLogin over SAML 2.0 and SCIM 2.0, so your identity policies extend naturally to your artifact registries.
    SAML 2.0 SSO
    Configure OneLogin as a SAML identity provider for your Cloudsmith workspace. Users authenticate once through OneLogin and gain immediate, policy-enforced access to your repositories.
    SCIM 2.0 provisioning
    Cloudsmith is SCIM 2.0-compliant. Automatically provision new users, deprovision leavers, and sync profile changes from OneLogin without any manual intervention.
    SAML group sync
    Map OneLogin groups to Cloudsmith teams automatically. Role assignments in your IdP are reflected in Cloudsmith on each login, keeping access consistent with your org structure.
    Enforce SSO-only access
    Optionally require all workspace members to authenticate exclusively via SAML, eliminating password-based logins and ensuring every access event flows through your OneLogin policies.
    Flexible metadata configuration
    Supply your OneLogin SAML Metadata XML by URL or inline. No complex setup required - paste your metadata, enable SAML in workspace settings, and your team can log in immediately.

Frequently asked questions

  1. Cloudsmith integrates with OneLogin via SAML 2.0 for single sign-on and SCIM 2.0 for automated user provisioning and de-provisioning. Both are industry-standard protocols supported natively by OneLogin.

  2. Create a SAML application in OneLogin, then supply the SAML Metadata XML - either via URL or inline - in your Cloudsmith workspace settings under Authentication. Full step-by-step guidance is in the Cloudsmith docs.

  3. Yes. Once SAML is configured, you can enable SAML-only authentication in your workspace settings. All users in the workspace will then be required to authenticate via OneLogin - password-based logins are blocked.

  4. Yes. Cloudsmith is SCIM 2.0-compliant and supports automated provisioning, de-provisioning, and profile updates via OneLogin. When you remove a user assignment in OneLogin, their Cloudsmith access is revoked automatically.

  5. Yes. Cloudsmith's SAML group sync lets you define mappings from OneLogin group attributes to Cloudsmith teams. The sync applies on each user login, keeping team membership consistent with your IdP.

Integrations

Discover more Cloudsmith Integrations