Skip to content
Sanity
    • Platform

      Sanity Studio

      Flexible editing environment

      APIs

      Connect to anything

      Content Lake

      Real-time database

      Try product demo

      Features

      Real-time collaboration

      Fearlessly work with content

      Precise content querying

      Treat content as data with GROQ

      Localization

      Coherent messaging across territories

    • Use cases

      E-commerce

      Richer shopping experiences

      Marketing sites

      Control your story

      Products & services

      Innovate and automate

      Mobile apps

      Content backend for every OS

      View all

      Integrations

      Shopify
      Mux
      Vercel
      Netlify
      Algolia
      Cloudinary
      BigCommerce
      Commerce Layer
      Smartling
      Transifex
      View all
    • Learn

      Documentation
      Studio API Reference
      API reference
      Guides
      GROQ cheat sheet
      Sanity UI
      Get started

      Build and share

      Templates
      Tools and plugins
      Schemas and snippets
      Project showcase
      Share your work
      Browse Exchange

      Frameworks

      React
      Vue
      Next.js
      Nuxt.js
      Svelte
      Remix
      Gatsby
      Astro
      Angular
      Eleventy
      View all
    • Discover

      Blog
      Resource library
      Agency partners
      Become a partner
      Technical support
      Talk to sales

      Case studies

      Puma

      Source of truth for global markets

      Aether

      Unique digital shopping experience

      Morning Brew

      Omnichannel media distribution

      InVision

      Delivering exceptional customer experiences

      View all

      Popular guides

      Headless CMS
      Structured content
      Content modeling
      Headless SEO
      Static websites
      View all
    • Enterprise
    • Pricing
    • Log in
    • Contact sales
    • Get started
Contact salesGet started
Published February 1st 2023

Enterprise SSO

Introducing automatic granting of project access and roles to SSO users based on declarative rules.

Jesus De Oliveira

Principal Product Manager, Content Lake and Enterprise Experience

Powering content management and operations for the enterprise means supporting the needs of editors and developers, while enabling them to seamlessly work, collaborate and leverage content effectively. It also means ensuring it is possible to scale these workflows to different lines of business, teams and employees, while remaining compliant and avoiding compromising security but at the same time not introducing friction for users.

As Sanity is used in more areas and lines of business in your organization, new teams start new projects, but employees across the organization may still require access. Creating accounts and assigning roles one by one becomes cumbersome, error-prone, and ultimately introduces friction that slows down users and projects. More importantly, ensuring these users have and keep the right access and permissions through time becomes even more difficult.

We’re releasing a major improvement to our SAML/SSO integration capability, to enable automatic granting of project access and roles to users logging-in through SSO, based on declarative rules. With this new functionality, your organization’s users can onboard into Sanity by just logging-in with their corporate credentials and start working immediately, right in the appropriate projects and with the right role. At the same time, you can be sure users always have the right access and permissions across projects, without manual and error-prone work.

Solution Overview

With Enterprise SSO enabled, employees in your organization can securely log in to your Sanity projects using their corporate identity credentials, and instantly get started working on content, with the right project access and role.

Organizations can now use declarative rules provided by a 3P identity provider to log into the Sanity Studio

Sanity admins can define declarative rules that determine the projects and the roles a user receives when onboarding (first time they log-in to Sanity through SSO), or on every log-in (ensuring roles and project access is always up-to-date). Rules leverage the “group membership” meta-data field of the user’s record in the corporate identity provider, and support regular expressions to allow both simple and sophisticated cases.

Organizations can now specify group names provided by a 3P identity provider, which map to Sanity roles.

Declarative mapping rules can be configured to be applied upon every log-in of a user, ensuring its project access and roles stay in-sync with the latest user meta-data in the identity provider - for example, ensuring a user removed from a group or offboarded from the corporate identity provider automatically loses previously granted project access and roles. When using this model, a user’s project access and role cannot be modified manually to ensure consistency.

Organizational admins will know if a user is managed by a 3P provider with updates to the members page.

This enhances our robust set of enterprise capabilities, complementing custom CDN domains, dedicated infrastructure and detailed audit logging. Together, these enable you and your organization to leverage structured content at scale while meeting the compliance, security and operational demands of the enterprise.

A composable solution for digital businesses

Sanity’s customizable content solution offers enterprise companies flexibility to support all content, from powering marketing sites, digital signage, rewards programs, and more. Backed by an unparalleled developer experience, teams can flow content across robust APIs that drive critical business functions across any additional apps within a content lifecycle. To get started with Sanity for Enterprise, visit our website and schedule a demo with our team.

Page content

    • Solution Overview
    • A composable solution for digital businesses

Product

Sanity StudioAPIsContent LakeSecurity & Compliance
  • Sanity vs Contentful
  • Sanity vs Strapi
  • Sanity vs Wordpress
  • Sanity vs Adobe Experience Manager
  • Sanity vs Hygraph
  • Sanity vs Sitecore
  • Sanity vs Storyblok
  • Sanity vs Contentstack
  • Sanity vs Prismic
  • Sanity vs Drupal
  • Sanity vs ButterCMS

Resources

DocumentationBlogResource libraryCase Studies
  • React Blog
  • Gatsby Blog
  • Next.js Landing Pages
  • Making a PWA
  • Single Page Application
  • Svelte & Typescript App
  • Vue & Tailwind Blog
  • Developer Portfolio Templates
  • Form validation with Yup
  • Live Preview with Next.js and Sanity.io
  • Next.js blog
  • Next.js personal website
  • Clean Next.js + Sanity app
  • Clean Remix + Sanity app
  • Clean SvelteKit + Sanity app
  • All Templates
  • Agency partners
  • Technology partners
  • Headless CMS 101
  • Static Sites 101
  • Headless Commerce 101
  • CMS for enterprise
  • Headless SEO
  • Localization
  • Content as a Service
  • What is a DXP?
  • Typescript 101
  • Ecommerce SEO
  • What is a Composable DXP?
  • What is an API?
  • GraphQL vs REST
  • React CMS
  • Next.JS CMS
  • CMS for Shopify
  • API-first CMS
  • Content platform
  • Multilingual CMS
  • Static Site CMS
  • Gatsby CMS
  • Node CMS
  • E-commerce CMS
  • Vue CMS
  • Angular CMS
  • GraphQL CMS
  • Newspaper CMS
  • Magazine CMS
  • CMS for apps
  • Remix CMS
  • Nuxt CMS
  • SvelteKit CMS
  • Agile CMS
  • Eleventy CMS

Company

Contact SalesEnterpriseCareersTerms of ServicePrivacy PolicyAccessibility Statement

Stay connected

  • GitHub
  • Slack
  • Twitter
  • YouTube
  • Stack Overflow
  • Blog RSS
  • Newsletter
©Sanity 2023