Set up SSO authentication with SAML and PingIdentity
Expands upon our general SAML setup guide to configure a default relay state.
During the setup and configuration process, it's a good idea to keep two windows side by side:
Go to Sanity Manage and select the organization you want to enable SSO for your organization.
To navigate to the service provider configuration inside Sanity Manage:
This login url will take you to the Sanity Manage page once logged in. If you'd instead prefer to, you can edit the URL for Studio Access rather than Manage. In this URL, replace the origin parameter value with your encoded Sanity Studio URL, which will route users directly to the Studio instead of the management page.Ex: If the copied login URL is:
https://api.sanity.io/v2021-10-01/auth/saml/login/7dfd3a21?origin=https%3A%2F%2Fwww.sanity.io%2Fmanage&projectId={MYPROJECT_ID}
update it to:
https://api.sanity.io/v2021-10-01/auth/saml/login/7dfd3a21?origin={MY_ENCODED_STUDIO_URL}&projectId={MYPROJECT_ID}
This url will need to be encoded
You can now update your IdP's default relay state.
{ "id": "3431pXO", "displayName": "Sanity Support", "email": "sanity@sanity.io", "familyName": "Sanity Support", "givenName": "Sanity", "middleName": null, "imageUrl": null, "provider": "saml-f6a94", "tosAcceptedAt": "2024-11-20T18:51:57.264Z", "createdAt": "2024-11-20T18:51:57.264Z", "updatedAt": "2024-11-20T18:51:57.535Z", "isCurrentUser": true, "providerId": "49jc94jf949930304jkojfciojlj934003490943" }
