Single Sign-On
Authenticate FOSSA users through your corporate identity provider using SAML, G Suite, or LDAP.
Overview
In addition to FOSSA's built-in authentication, you can let your users sign in through your corporate identity provider. FOSSA supports login and account provisioning through G Suite (Google Workspace), SAML identity providers such as Okta, Auth0, Microsoft Entra ID (Azure AD), and Active Directory Federation Service, and LDAP.
Enabling single sign-on bypasses FOSSA's own authentication and verifies your users against your identity provider instead. How a user signs in depends on the provider you configure.
Active Directory Federation Service
EnterpriseConfigure Active Directory Federation Service (ADFS) as a SAML identity provider for single sign-on to FOSSA.
Auth0
EnterpriseConfigure Auth0 as a SAML identity provider for single sign-on to FOSSA.
G Suite
EnterpriseSet up Google Workspace (G Suite) single sign-on so users on your domain can sign in to FOSSA with Google.
LDAP
EnterpriseConfigure LDAP authentication so users sign in to FOSSA with their corporate directory credentials.
Microsoft Entra ID (Azure AD)
EnterpriseConfigure Microsoft Entra ID (formerly Azure AD) as a SAML identity provider for single sign-on to FOSSA.
Okta
EnterpriseConfigure Okta as a SAML identity provider for single sign-on to FOSSA.
SAML Attributes
EnterpriseMap SAML assertion attributes to FOSSA organization roles and team membership with the role and teams claims.
How your users sign in
| Identity provider | How users sign in |
|---|---|
| G Suite (Google Workspace) | Click Log in with Google on the FOSSA login page. |
| SAML (Okta, Auth0, Entra ID, ADFS) | Enter their email on the FOSSA login page and get redirected to your provider; or launch FOSSA directly from your provider's portal. |
| LDAP | Enter their username and password at your organization's org-name.fossa.app subdomain. |
Set up your identity provider
- Active Directory Federation Service
- Auth0
- G Suite (Google Workspace)
- LDAP
- Microsoft Entra ID (Azure AD)
- Okta
Claiming email domains
Domain claiming lets you associate one or more email domains with your FOSSA organization, so that any user who signs in with an email address on a claimed domain is automatically routed through your SSO provider rather than FOSSA's built-in login.
When a domain is claimed:
- Users who enter an email on that domain at the FOSSA login page are redirected to your SSO provider automatically.
- New users on the domain cannot bypass SSO by registering directly with a password.
- Existing users on the domain who previously had a password-based account will be prompted to authenticate through SSO on their next login.
To claim a domain, go to Settings → Organization → Authentication and use the domain claiming flow in the SSO configuration panel. FOSSA will verify domain ownership before activating the claim. If you run into issues, contact support@fossa.com.
Provisioning and login methods
When an account is provisioned through single sign-on, password-based login is disabled for that user. To add users who keep password login, invite them by email. See Inviting Users. Invited users can use both password and single sign-on login.