https://sourcegraph.example.com
with your Sourcegraph URL):https://sourcegraph.example.com/.auth/saml/acs
https://sourcegraph.example.com/.auth/saml/metadata
email
(required): user.emaillogin
(optional): user.logindisplayName
(optional): user.firstNameexternalURL
is set the same Sourcegraph URL you used in the previous section (i.e., what you replaced https://sourcegraph.example.com
with). Be mindful to use the exact same scheme (http
or https
), and there should be no trailing slash.auth.providers
with type
"saml" and identityProviderMetadataURL
set to the URL you copied from the "Identity Provider metadata" link in the previous section. Here is an example of what your site configuration should look like:{ // ... "externalURL": "https://sourcegraph.example.com", "auth.providers": [ { "type": "saml", "identityProviderMetadataURL": "https://okta.example.com/app/8VglnckX0yyhdkp0bk00/sso/saml/metadata" } ] }
Confirm there are no error messages in the sourcegraph/server
Docker container logs (or the sourcegraph-frontend
pod logs, if Sourcegraph is deployed to a Kubernetes cluster). The most likely error message indicating a problem is Error prefetching SAML service provider metadata
. See SAML troubleshooting for more tips.