Integrations/OneLogin SSO

Secure artifact access with OneLogin SSO

Connect Cloudsmith to OneLogin via SAML to give your teams frictionless, policy-controlled access to your artifact repositories. Pair it with SCIM to automate user provisioning and de-provisioning as your organisation grows.

How we support OneLogin SSO

Cloudsmith integrates with OneLogin over SAML 2.0 and SCIM 2.0, so your identity policies extend naturally to your artifact registries.
    SAML 2.0 SSO
    Configure OneLogin as a SAML identity provider for your Cloudsmith workspace. Users authenticate once through OneLogin and gain immediate, policy-enforced access to your repositories.
    SCIM 2.0 provisioning
    Cloudsmith is SCIM 2.0-compliant. Automatically provision new users, deprovision leavers, and sync profile changes from OneLogin without any manual intervention.
    SAML group sync
    Map OneLogin groups to Cloudsmith teams automatically. Role assignments in your IdP are reflected in Cloudsmith on each login, keeping access consistent with your org structure.
    Enforce SSO-only access
    Optionally require all workspace members to authenticate exclusively via SAML, eliminating password-based logins and ensuring every access event flows through your OneLogin policies.
    Flexible metadata configuration
    Supply your OneLogin SAML Metadata XML by URL or inline. No complex setup required - paste your metadata, enable SAML in workspace settings, and your team can log in immediately.

Why teams integrate Cloudsmith with OneLogin SSO

Managing artifact access with per-user credentials is a security liability and an operational drain. Connecting OneLogin to Cloudsmith closes those gaps without slowing your teams down.
Without CloudsmithDevelopers maintain separate Cloudsmith credentials that drift out of sync when people change roles or leave. Offboarding is a manual, error-prone process that leaves stale access in place.
With CloudsmithSCIM keeps Cloudsmith in lockstep with OneLogin. When a user is deprovisioned in your IdP, access to Cloudsmith is revoked automatically - no tickets, no manual steps.
Without CloudsmithAccess control across repositories is configured ad hoc, with no reliable link to your existing team structure. Audits reveal inconsistent permissions that no one can fully explain.
With CloudsmithSAML group sync maps OneLogin groups to Cloudsmith teams on every login. Your org structure in OneLogin becomes the single source of truth for who can access what in Cloudsmith.
Without CloudsmithWithout enforced SSO, some users bypass OneLogin entirely using API keys or passwords, creating blind spots in your access audit trail and undermining your MFA policy.
With CloudsmithEnforce SAML-only authentication at the workspace level. Every access event flows through OneLogin, giving your security team full visibility and consistent policy enforcement.

Frequently asked questions

  1. Cloudsmith integrates with OneLogin via SAML 2.0 for single sign-on and SCIM 2.0 for automated user provisioning and de-provisioning. Both are industry-standard protocols supported natively by OneLogin.

  2. Create a SAML application in OneLogin, then supply the SAML Metadata XML - either via URL or inline - in your Cloudsmith workspace settings under Authentication. Full step-by-step guidance is in the Cloudsmith docs.

  3. Yes. Once SAML is configured, you can enable SAML-only authentication in your workspace settings. All users in the workspace will then be required to authenticate via OneLogin - password-based logins are blocked.

  4. Yes. Cloudsmith is SCIM 2.0-compliant and supports automated provisioning, de-provisioning, and profile updates via OneLogin. When you remove a user assignment in OneLogin, their Cloudsmith access is revoked automatically.

  5. Yes. Cloudsmith's SAML group sync lets you define mappings from OneLogin group attributes to Cloudsmith teams. The sync applies on each user login, keeping team membership consistent with your IdP.

Integrations

Discover more Cloudsmith Integrations