← All Articles

SAML, SSO and Automatic User Provisioning

Khash SajadiKhash Sajadi
Sep 8th 23

SAML, SSO and Automatic User Provisioning

We’ve been busy building a few features that are going to be very useful for teams at larger companies using Cloud 66: Automatic User Provisioning and SAML SSO.

SAML Single Sign-On

Let’s start with SAML SSO. SAML is a standard way of authenticating and authorizing user access to various different systems in enterprise. How do we know it is an enterprise standard? There is a lot of XML in there, which we managed to hide from you. In a nutshell, using SAML you can grant access to Cloud 66 from a SAML Identity Provider (IdP), like Okta, OneLogin, Salesforce, Google GSuite Apps or Azure AD. If you haven’t heard of any of these, then you can safely ignore this part of the announcement and move to Automatic User Provisioning.

However, if you or your organization uses any of these systems to control how you and your colleagues use external systems like Cloud 66, then read on.

Setting up SAML involves setting up Cloud 66 on your IdP and then adding it to your Cloud 66 account. Once you have configured Cloud 66 as an App (or “Service Provider” in SAML lingo) in your IdP, you can head to the Account page, click on Login and Security and then Single Sign-On. There you can add a SAML IdP to the list and enforce logins only through SAML.

We have written about setting up SAML SSO in more detail on our help and documentation site. Check it out.

SAML SSO is available to all our customers on Business plan.

Automatic User Provisioning

We’ve had support for multiple organizations, teams and groups for a very long time. Until now to add a new team member, you had to invite them individually to your team. Today we are rolling out Automatic User Provisioning (AUP) which automates this process.

Automatic User Provisioning is a fancy name for a way to automatically add anyone who falls into a certain category into your team, without individual invitation. For example, if you use SAML SSO, you can configure AUP to add anyone who logs in with SAML to your team. You can decide what permissions you want to grant these new signups when you configure your AUP.

If you don’t use SAML, you can still use AUP if you sign into Cloud 66 using your Google account.

Let’s say you want to automatically add anyone who signs up with an @example.com email to your team. Here is how you can do that:

First, verify your ownership of example.com. This can be done by following the instructions on Verified Domains section of your account page.

Then, head to Members page and create an AUP against this domain. Select which permissions you want to grant your new team members and you’re done. From now on, anyone who signs up with an @example.com email via Sign-in with Google, will be automatically invited to your team.

Automatic User Provisioning is available to all our customers on Team and Business plans.

We look forward to hearing your feedback on these features and as always, please let us know if we can help you with your Cloud 66 accounts in any way.

Enjoy!


Try Cloud 66 for Free, No credit card required