Other provider
Control access to BugSnag using a SAML SSO provider.
BugSnag’s Single Sign-On provides:
- Authentication and authorization (SAML)
- User provisioning and deprovisioning (SCIM)
For specific documentation for Okta, OneLogin and other supported providers, please see the supported providers.
Setup SAML
To configure SAML:
In BugSnag settings select Organization -> Single sign-on (Admin access is required):
- Copy the SAML endpoint URL to your clipboard.
- Download the encryption certificate (optional, if you want to configure your SSO provider to encrypt SAML assertions).
In the SSO provider create a SAML app:
- Configure the Service Provider (SP) Entity ID (used to validate the audience) with
https://app.bugsnag.com
.
- Paste the URL copied from BugSnag into the provider’s configuration. This may be called Assertion Consumer Service (ACS) URL or something similar.
- Ensure you are providing an email address as the name identifier in the SAML assertion. You can check that the
NameIDFormat
element in your SAML metadata is set to emailAddress
to verify this.
- (Optional) Configure attributes called
User.FirstName
and User.LastName
. If not supplied each user’s email address will be used as their name.
- (Optional) Upload the encryption certificate from BugSnag if you want to encrypt SAML assertions.
- Find a URL to the provider metadata and copy to your clipboard (the URL not the metadata itself).
In BugSnag:
- Paste the Metadata URL (recommended) or XML Metadata in the SAML/IdP Metadata field.
- Select Auto-provision collaborators if you would like accounts to be automatically created for new users when they first log in (see SCIM for full provisioning and deprovisioning support).
- Select whether users will be granted access to all current projects or no projects by default. Users will only be added up to your plan’s collaborator limit. After provisioning, access to projects can be managed by any Admin.
- Select Enable SSO.
You can now log in to BugSnag from your SSO provider.
Setup provisioning and deprovisioning (SCIM)
Provisioning and deprovisioning is available on Enterprise plans.
The following provisioning and deprovisioning features are supported:
- Create users
- Update user names and email addresses
- Deactivate users
In the BugSnag settings of an organization administrator, select My Account -> Personal auth tokens:
- Generate a new auth token which will be used for SCIM.
Select Organization -> Single sign-on (Admin access is required):
- Copy the SCIM Base URL.
In the SSO provider create a SAML app:
- Enable provisioning and enter the SCIM Base URL and auth token.
- BugSnag uses email address as the SCIM username.
BugSnag users can now be automatically provisioned and deprovisioned from your SSO provider.
Session Timeout
If a SessionNotOnOrAfter
value is present in the SAML authentication response, it will be used to set the timeout of the BugSnag session.
Please refer to your SSO provider’s documentation for more information on how to configure SessionNotOnOrAfter
.