Configuring single sign-on
If you are an administrator of a Cronitor for Business account you can enable single sign-on (SSO) for your team using any SAML2 identity provider.
When SSO is enabled, Cronitor will authenticate using your trusted identity provider and password-based login will be disabled for all team members.
Prepare your identity provider
To get started, follow the documentation for your identity provider to add a new SAML2 integration. Cronitor service provider details:
- Cronitor requests a
lastName attributes are accepted.
- Only SAML2 is supported, with
HTTP-Redirect binding for SP to IdP and
HTTP-POST binding for IdP to SP.
- The assertion consumer service post back URL is
Cronitor SAML metadata is available at https://cronitor.io/auth/saml/metadata
You will need three things from your identity provider for the next step:
- A sign-in URL
- The entityId (This is often the IdP metadata URL)
- An x509 certificate
Enabling SSO for your team
- After logging into Cronitor as an administrator, navigate to the
Click the Single sign-on link to add your identity provider details to Cronitor.
If you are redirected to an upgrade prompt, single sign-on is not available on your current plan.
- Paste the sign-in URL copied from your identity provider into the Sign-in URL field.
- Paste the entity id copied from your identity provider into the entity id field. (This is often the IdP metadata URL.)
- Paste the contents of the x509 cert from your identity provider. If you were given the cert as an attachment,
open it in a simple text editor like Notepad or TextEdit.
- After saving these required details, you will be able to test an IdP initiated sign-in flow.
- Check the Require SSO box when you are ready to disable password authentication and use SSO for your team.
- After requiring SSO leave yourself logged-in and immediately test your SAML login in a private browsing window. Return to the SAML settings and uncheck this box to disable SSO if your tests are unsuccessful.
If you have difficulty configuring or using SAML single sign-on, please contact email@example.com.