Skip to content
Watch a live product demo 👀 See how Sanity powers richer commerce experiences
Sanity
  • Platform

    Sanity Studio

    Flexible editing environment

    APIs

    Connect to anything

    Content Lake

    Real-time database

    Watch product demo

    Features

    Real-time collaboration

    Fearlessly work with content

    Precise content querying

    Treat content as data with GROQ

    Localization

    Coherent messaging across territories

  • Use cases

    E-commerce

    Richer shopping experiences

    Marketing sites

    Control your story

    Products & services

    Innovate and automate

    Mobile apps

    Content backend for every OS

    View all

    Integrations

    Shopify
    Mux
    Vercel
    Netlify
    Algolia
    Cloudinary
    BigCommerce
    Commerce Layer
    Smartling
    Transifex
    View all
  • Learn

    Documentation
    API reference
    Guides
    GROQ cheat sheet
    Sanity UI
    Get started

    Build and share

    Templates
    Tools and plugins
    Schemas and snippets
    Project showcase
    Share your work
    Browse Exchange

    Frameworks

    React
    Vue
    Next.js
    Nuxt.js
    Svelte
    Remix
    Gatsby
    Astro
    Angular
    Eleventy
    View all
  • Discover

    Blog
    Resource library
    Agency partners
    Become a partner
    Technical support
    Talk to sales

    Case studies

    Puma

    Source of truth for all global markets

    Aether

    Unique digital shopping experience

    Morning Brew

    Omnichannel media distribution

    InVision

    Delivering exceptional customer experiences

    View all

    Popular guides

    Structured content
    Content modeling
    Headless CMS
    Headless SEO
    Static websites
    View all
  • Enterprise
  • Pricing
  • Log in
  • Contact sales
  • Get started
Contact salesGet started
Published November 10th 2021

Upgraded access control: SAML support & easier role management

Sanity releases SAML SSO support and makes administering roles available in the management interface.

Marcus Sarmento

Former Head of Product Marketing at Sanity

Today, we’re releasing two new features that will make it easier to control access to Sanity and the actions users can take inside Sanity Studio.

First, we’re releasing expanded support for single sign-on (SSO) using the Security Assertion Markup Language (SAML) standard for Business and Enterprise plans.

Second, you can now administer and configure roles in the management interface. Customers on all plans have the ability to assign roles for the users in their projects, and Enterprise customers have the added ability to create custom roles and configure granular permissions against content edited within the Studio.

Together, these two releases provide better security and easier administration for your teams.

SAML support

A key way to improve security and compliance efforts is to enable Single Sign-On (SSO) for your organization. Not only does using SSO allow better access control and help maintain compliance, but it makes managing large groups of users a lot easier and provides a more streamlined experience for your team. Sanity has offered Custom SSO to clients on Enterprise plans for some time, letting you connect to your own custom logic solutions like Active Directory or Kerberos.

Starting today, customers on the Business and Enterprise plans can use the SAML standard to log into Sanity. SAML is one of the most widely used ways of exchanging credentials between identity providers (like Okta, Google, etc.), which means more of our community will be able to take advantage of SSO on Sanity.

To learn how to set up SAML in Sanity Studio, check out our docs. In a few easy steps, you can get SAML configured on all Business and Enterprise projects you choose.

Enhanced role management

Earlier this year we announced a revamped roles API, and introduced new roles for assignment (depending on your plan) that addressed most of the use cases for content control. That release also included a new version of Sanity Studio that had built-in detection of roles, which automatically controlled access and actions users could take.

Today, we’ve added support in our management interface for managing users and roles, defining custom roles (Enterprise plan feature), and specifying which roles can access specific content within datasets (Enterprise plan feature). That means it’s easier than ever to quickly create and change permissions for individuals or groups with just a few clicks.

To manage roles for a user, navigate to the Members tab, find the user you want to update, and simply choose the new role in the dropdown.

Defining custom roles (Enterprise plan feature) is straightforward too! Just go to the Access tab and click Create new role.

You’ll be asked to name the new role (Marketing Team) and specify which resources and actions this role should have access to. In addition to choosing individual datasets, you now have the ability to tag multiple datasets and grant or remove access to the tag, letting you further simplify role configuration across your team. For example, you may want to have consistent permissions for all datasets that store development, staging, or production content. Appending a dev, staging, or prod tag to the appropriate datasets keeps permissions in sync as long as the tag is enabled.

For more information about how to administer roles in the management interface, check out our docs.

Bonus use case for Enterprise customers

With these two releases, our Enterprise customers can now automatically assign new users who authenticate via SAML SSO to a previously created custom role. For example, you can give all new team members view-only permissions to start, and easily update the default role or an individual team member’s role down the road to help mitigate risk.

We hope you enjoy the added security and convenience of our improved access control features which make logging into Sanity and defining actions a user can take a whole lot easier.

Page content

  • SAML support
  • Enhanced role management
  • Bonus use case for Enterprise customers

Product

Sanity StudioAPIsContent LakeSecurity & Compliance
  • Sanity vs Contentful
  • Sanity vs Strapi
  • Sanity vs Wordpress
  • Sanity vs Adobe Experience Manager
  • Sanity vs Hygraph
  • Sanity vs Sitecore
  • Sanity vs Storyblok
  • Sanity vs Contentstack
  • Sanity vs Prismic
  • Sanity vs Drupal
  • Sanity vs ButterCMS

Resources

DocumentationBlogResource libraryCase Studies
  • React Blog
  • Gatsby Blog
  • Next.js Landing Pages
  • Progressive Web Application
  • Single Page Application
  • Svelte & Typescript App
  • Vue & Tailwind Blog
  • Developer Portfolio Templates
  • Form validation with Yup
  • Live Preview with Next.js and Sanity.io
  • Next.js blog
  • Next.js personal website
  • Clean Next.js + Sanity app
  • Clean Remix + Sanity app
  • Clean SvelteKit + Sanity app
  • All Templates
  • Agency partners
  • Technology partners
  • Headless CMS 101
  • What is an API CMS
  • Static Sites 101
  • Headless Commerce 101
  • Headless SEO
  • Localization
  • GraphQL vs REST
  • Content as a Service
  • What is a DXP?
  • Typescript 101
  • Ecommerce SEO
  • React CMS
  • Next.JS CMS
  • CMS for Shopify
  • Content platform
  • Multilingual CMS
  • Static Site CMS
  • Gatsby CMS
  • Node CMS
  • E-commerce CMS
  • Vue CMS
  • Angular CMS
  • GraphQL CMS
  • Newspaper CMS
  • Magazine CMS
  • CMS for apps
  • Remix CMS

Company

Contact SalesEnterpriseCareersTerms of ServicePrivacy PolicyAccessibility Statement

Stay connected

  • GitHub
  • Slack
  • Twitter
  • YouTube
  • Stack Overflow
  • Blog RSS
  • Newsletter
©Sanity 2023