Netlify Create /

Legacy Netlify Create SSO

This feature is available on Create Enterprise plans.

Legacy Netlify Create Single-Sign On (SSO) is available for enterprise customers so that their members can use their company credentials to edit projects in Netlify Create’s visual editor.

Available functionality includes synchronization with the Identity Provider (IdP) of choice via SSO for the following:

  • User addition/deletion
  • Member role sync via IdP groups
  • Default project role sync via IdP groups

# Team member attributes

Team members come with two main attributes:

  • Member Role: The role in the team. If using SSO, this can be synced with roles in the Identity Provider.
  • Default Project Role: (optional) This is helpful for organizations with cross-functional users. If using SSO, this can be synced with roles in the Identity Provider.

Note

If members who have a pending invitation are added to member groups or projects, they will immediately have access to those member groups and projects upon accepting the invitation.

# Manage SSO users

If using SSO, the team gets defined in the Identity Provider (IdP). Netlify Create is kept in sync and updates additions, deletions, and data updates in the IdP. SSO users can not be added or removed via Netlify Create.

Netlify Create also updates user roles (role in the team and default project role) according to groups in the IdP or the user attributes in the IdP. SSO user roles can't be edited from Netlify Create.

# Configure SSO for Netlify Create

To setup to work with Netlify Create, go to your IdP and find the place to add a custom attribute for groups and/or for users (depending on how you're planning to use SSO with Netlify Create).

Two custom attributes need to be created following the details in the tables below.

Team Role

Info Description
Data Type string
Display Name "Stackbit Team Role"
Variable Name stackbit_organization_role (must match exactly)
Define enumerated list of values true (check the box)
Attribute Members Must match the built-in roles in Netlify Create and any custom roles you may want to make available:
Admin: admin
Member: member
Attribute Required true (check the box)

Default Project Role

Info Description
Data Type string
Display Name "Stackbit Default Project Role"
Variable Name stackbit_default_project_role (must match exactly)
Define enumerated list of values true (check the box)
Attribute Members Must match the built-in roles in Netlify Create and any custom roles you may want to make available:
Viewer: viewer
Editor: editor
Publisher: publisher
Developer: developer
Attribute Required true (check the box)

# How SSO sync works

When a user logs in to Netlify Create for the first time, Netlify Create will get their team role and their default project role from the group they're assigned to in the IdP.

This value can't be edited from Netlify Create. When changed in the IdP, it is synced and will be updated in Netlify Create. Default project roles can be found under Manage team > Members and roles > All members.

# Projects in SSO teams

Since the team is defined in the Identity Provider (IdP), the collaborators dropdown will only show users of the team who have logged in Netlify Create at least once as part of the team in Netlify Create.

However, everyone added to the team in the IdP will be able to use SSO to log into Netlify Create with their company credentials.

Users who have not logged into Netlify Create at least once, can still be added to member groups and projects, but they will appear as pending until they log into Netlify Create for the first time.