Legacy Netlify Create SSO

This feature is available on Create Enterprise plans.

Legacy Netlify Create Single-Sign On (SSO) is available for enterprise customers so that their members can use their company credentials to edit projects in Netlify Create’s visual editor.

Available functionality includes synchronization with the Identity Provider (IdP) of choice via SSO for the following:

  • User addition/deletion
  • Member role sync via IdP groups
  • Default project role sync via IdP groups

# Team member attributes

Team members come with two main attributes:

  • Member Role: The role in the team. If using SSO, this can be synced with roles in the Identity Provider.
  • Default Project Role: (optional) This is helpful for organizations with cross-functional users. If using SSO, this can be synced with roles in the Identity Provider.

Note

If members who have a pending invitation are added to member groups or projects, they will immediately have access to those member groups and projects upon accepting the invitation.

# Manage SSO users

If using SSO, the team is defined in the Identity Provider (IdP). Netlify Create is kept in sync with the IdP and reflects additions, deletions, and data updates made there. SSO users cannot be added or removed via Netlify Create.

Netlify Create also updates user roles (role in the team and default project role) according to groups in the IdP or the user attributes in the IdP. SSO user roles can't be edited from Netlify Create.

# Configure SSO for Netlify Create

To set up SSO to work with Netlify Create, go to your IdP and find the place to add a custom attribute for groups and/or for users (depending on how you're planning to use SSO with Netlify Create).

Two custom attributes need to be created following the details in the tables below.

Team Role

| Info | Description |
| --- | --- |
| Data Type | string |
| Display Name | "Stackbit Team Role" |
| Variable Name | stackbit_organization_role (must match exactly) |
| Define enumerated list of values | true (check the box) |
| Attribute Members | Admin: admin; Member: member |
| Attribute Required | true (check the box) |

Default Project Role

| Info | Description |
| --- | --- |
| Data Type | string |
| Display Name | "Stackbit Default Project Role" |
| Variable Name | stackbit_default_project_role (must match exactly) |
| Define enumerated list of values | true (check the box) |
| Attribute Members | Viewer: viewer; Editor: editor; Publisher: publisher; Developer: developer |
| Attribute Required | true (check the box) |
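A pre-flight check for the two attributes defined above, as an added example that is not part of the Netlify documentation or product. It assumes you can export each user's resolved attributes from your IdP as a mapping; the export shape, the sample users and the function names `check_user` and `audit` are constructed for illustration.

```python
# Added example: validates exported IdP attributes against the two tables above.
# The export format (user id -> attribute mapping) is an assumption.
REQUIRED = {
    "stackbit_organization_role": {"admin", "member"},
    "stackbit_default_project_role": {"viewer", "editor", "publisher", "developer"},
}

def check_user(attrs):
    """Return a list of problems for one user's attribute mapping."""
    problems = []
    for name, allowed in REQUIRED.items():
        if name not in attrs:
            # Variable names must match exactly, so point out near misses.
            near = [k for k in attrs if k.strip().lower().replace("-", "_") == name]
            hint = f" (found near miss {near[0]!r})" if near else ""
            problems.append(f"missing required attribute {name}{hint}")
            continue
        value = attrs[name]
        if not isinstance(value, str):
            problems.append(f"{name}: expected a single string, got {type(value).__name__}")
        elif value not in allowed:
            # Catches the display label ("Member") used in place of the value ("member").
            low = value.strip().lower()
            hint = f"; did you mean {low!r}?" if low in allowed else ""
            problems.append(f"{name}: {value!r} is not an enumerated value{hint}")
    return problems

def audit(users):
    """Return (problems per user, sorted list of users who would sync as team admins)."""
    findings = {uid: p for uid, a in users.items() if (p := check_user(a))}
    admins = sorted(u for u, a in users.items()
                    if a.get("stackbit_organization_role") == "admin")
    return findings, admins

# Constructed sample export, not real data.
SAMPLE = {
    "alice@example.com": {"stackbit_organization_role": "admin", "stackbit_default_project_role": "developer"},
    "bob@example.com": {"stackbit_organization_role": "Member", "stackbit_default_project_role": "editor"},
    "carol@example.com": {"Stackbit_Organization_Role": "member", "stackbit_default_project_role": "viewer"},
    "dave@example.com": {"stackbit_organization_role": "member", "stackbit_default_project_role": ["editor", "publisher"]},
}

if __name__ == "__main__":
    findings, admins = audit(SAMPLE)
    for uid, probs in findings.items():
        for p in probs:
            print(f"{uid}: {p}")
    print("team admins to review:", admins)
```

The admin list is worth reviewing before enabling sync, since roles set in the IdP cannot be edited from Netlify Create afterwards.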

# How SSO sync works

When a user logs in to Netlify Create for the first time, Netlify Create will get their team role and their default project role from the group they're assigned to in the IdP.

This value can't be edited from Netlify Create. When changed in the IdP, it is synced and will be updated in Netlify Create. Default project roles can be found under Manage team > Members and roles > All members.

# Projects in SSO teams

Since the team is defined in the Identity Provider (IdP), the collaborators dropdown will only show team users who have logged in to Netlify Create at least once as part of the team.

However, everyone added to the team in the IdP will be able to use SSO to log into Netlify Create with their company credentials.

Users who have not logged in to Netlify Create at least once can still be added to member groups and projects, but they will appear as pending until they log in to Netlify Create for the first time.