Enterprise SSO
Configure your Stainless Organization to accept sign-ins from identity providers like Google, Okta, or a custom SAML implementation.
When you sign up for an enterprise organization, you will have the option to customize how users sign in. This is currently handled manually; just let us know that you’d like to customize SSO, and we will take it from there.
Existing accounts must contact support in order to set up or update SSO settings.
In this flow you will be given a link that allows your Organization’s IT or IdP team to configure an authentication provider. Then when users sign up they are automatically added to your Stainless organization with the Editor role, which can be updated by an admin.
Users in the CLI can authenticate just the same, via stl auth login.
Note: identities are not linked; users can have two accounts with the same email, if they sign in with GitHub and then using SSO with the same email. But the opposite flow is blocked: if we see a sign-in from GitHub on your enterprise domain, the user will be asked to sign in with SSO instead.
SCIM is not currently supported - contact us if you’d like to use a directory to control member roles and auto provisioning.
SSO is handled by WorkOS, our Enterprise Identity Infrastructure Provider. For technical details check their docs on SAML integration and SAML security.