If you are an administrator of a Cronitor for Business account you can enable single sign-on (SSO) for your team using any SAML2 identity provider.
When SSO is enabled, Cronitor will authenticate using your trusted identity provider and password-based login will be disabled for all team members.
Prepare your identity provider
To get started, follow the documentation for your identity provider to add a new SAML2 integration. Cronitor service provider details:
- Cronitor requests a
nameId
format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- Optional
firstName
and lastName
attributes are accepted.
- Only SAML2 is supported, with
HTTP-Redirect
binding for SP to IdP and HTTP-POST
binding for IdP to SP.
- The assertion consumer service post back URL is
https://cronitor.io/auth/saml/acs/ENCODED-USER-ID-HERE
Cronitor SAML metadata is available at https://cronitor.io/auth/saml/metadata
You will need three things from your identity provider for the next step:
- A sign-in URL
- The entityId (This is often the IdP metadata URL or Azure AD Identifier)
- An x509 certificate
Enabling SSO for your team
After logging into Cronitor as an administrator, navigate to the
Account page
Click the Single sign-on link to add your identity provider details to Cronitor.
If you are redirected to an upgrade prompt, single sign-on is not available on your current plan.
Paste the sign-in URL copied from your identity provider into the Sign-in URL field.
Paste the entity id copied from your identity provider into the entity id field. (This is often the IdP metadata URL. If you are using Azure, it is the 'Azure AD Identifier')
Paste the contents of the x509 cert from your identity provider. If you were given the cert as an attachment,
open it in a simple text editor like Notepad or TextEdit.
After saving these required details, you will be able to test an IdP initiated sign-in flow.
Check the Require SSO box when you are ready to disable password authentication and use SSO for your team.
After requiring SSO leave yourself logged-in and immediately test your SAML login in a private browsing window. Return to the SAML settings and uncheck this box to disable SSO if your tests are unsuccessful.
You're done!
Troubleshooting
If you have difficulty configuring or using SAML single sign-on, please contact support@cronitor.io.