Custom authentication
The Studio can be configured to use your own login solution rather than the standard ones by supplying the auth provider details in your studio configuration.
Custom authentication can be configured for the studio or individual workspaces. This is done by configuring the config key auth for the studio or workspace with a configuration object that adheres to the AuthConfig signature.
import {defineConfig} from 'sanity'
export default defineConfig({
// ... The rest of the studio config.
auth: {
providers: [
{
name: 'sanity',
title: 'Email / Password',
url: 'https://api.sanity.io/v1/auth/login/sanity',
},
],
},
})import {defineConfig} from 'sanity'
export default defineConfig({
// ... The rest of the studio config.
auth: {
providers: (prev) => [...prev,
{
name: 'newProvider',
title: 'Email / Password',
url: 'https://url.to.other.login',
}
]
},
})Gotcha
In studio versions prior to v3.15.0 the recommended way to configure custom authentication included using the createAuthConfig helper method. This approach will still work, but is considered deprecated in favor of the more straight forward new method.
SAML single-sign on (SSO)
This is a paid feature
This feature is available as an addon for the Growth plan.
When you configure SSO with SAML, you're receive a code snippet to help you configure the custom authentication section if your Sanity config.
Setting up Single Sign-On with SAML
This article will take you through the process of setting up SAML (Security Assertion Markup Language) SSO (Single Sign-on) for your organization.
Set up SSO authentication with SAML and JumpCloud
Implement single-sign on for Sanity with JumpCloud
Set up SSO authentication with SAML and PingIdentity
Implement single-sign on for Sanity with PingIdentity SAML
Set up SSO authentication with SAML and Azure/Entra ID
Implement single sign-on authentication with the SAML protocol and Microsoft Azure AD/ Entra ID as the identity provider.
SSO and Media Library
If you use a self-hosted Studio and use SSO, you may run into issues accessing Media Library.
To work around this, use one of the following options:
- If your provider supports it, you can use a token-based login method by setting
auth.loginMethod: 'token'. - Log in to the dashboard prior to accessing Media Library.
We're working to support other methods in the future.
Was this page helpful?