Setting up SAML (Security Assertion Markup Language) will allow your team members to quickly log in to the team CloudAMQP account using the credentials stored in your organization’s Identity Provider (IdP).
In the CloudAMQP Console under Team Settings → SAML Configuration you will find the information needed for setting up and where to upload your IdP metadata.
After SAML has been configured for your team, it is possible to auto-provision new users into your team. This works as long as the first login is initiated from your IdP (and the account email hasn't been used with CloudAMQP previously).
Note: You can only use "Sign in with SAML" on the CloudAMQP login page when the user exist in CloudAMQP.
To enforce specific roles, your IdP must send an extra 84codes.roles attribute in the SAML response. You can see examples of the attribute value on your SAML page: customer.cloudamqp.com/team/saml
You can also enforce SAML-initiated logins and disable password-based authentication. User accounts that are member of more than one team can still log in using password based authentication, however if they try and access a team where SAML is enforced then a SAML authentication will be needed before access is granted to that team.
To enforce SAML authentication, tick the checkbox stating Enforce SAML, disabble password-based login on customer.cloudamqp.com/team/saml once SAML is configured.
You can only connect a SAML application on your IdP to a single team in CloudAMQP. If your organization uses multiple CloudAMQP teams, you will need to configure one SAML application per team.
We have step-by-step instructions on configuring SAML for some of the most popular identity providers: