Announcing self-serve SAML SSO: take control of your team’s authentication
Posted Nov 18, 2024 | 5 min. (1027 words)Managing user authentication and security for your team just got a serious upgrade. Raygun now offers self-serve security assertion markup language (SAML) single sign-on (SSO) — making it easier than ever to centralize and secure access to your Raygun account.
SAML SSO is now available for all customers. If you’re on a Business or Enterprise plan, we offer this feature at no additional cost. On other plans? No problem—you can add SAML SSO for just $50/month.
This new self-serve experience puts you in control. You can enable, configure, and manage SAML SSO directly from the Raygun app without relying on manual support processes. Whether part of a small team or managing hundreds of developers, this streamlined feature ensures your entire organization can sign in securely and seamlessly.
We will continue to support the existing Basic SSO (social logins) for legacy plans.
What’s in this article?
- What is SAML SSO, and why does it matter?
- Key features of self-serve SAML SSO
- Supported identity providers
- How to set up SAML SSO
- Frequently asked questions
- Troubleshooting tips
What is SAML SSO, and why does it matter?
SAML SSO allows your team to authenticate via a third-party identity provider instead of managing separate login credentials for Raygun. With SAML, you can integrate Raygun with leading identity providers.
This approach simplifies your team’s login process while enhancing security. Here’s why it’s a game-changer:
- Centralized authentication: Control access to Raygun from a single place—your identity provider.
- Improved security: Reduce reliance on passwords by integrating with your existing authentication methods like multi-factor authentication.
- Seamless experience: No more juggling multiple logins—your team can access Raygun through your identity provider using their existing credentials.
With the ability to self-serve SAML SSO setup, you no longer need to wait for support to configure or manage authentication settings. You’re in charge from start to finish.
Key features of self-serve SAML SSO
Here’s what you can expect from the new SAML SSO experience:
-
Self-serve configuration: From setup to management, everything is now at your fingertips in the Raygun app. You can configure SAML SSO directly from your plan settings. See the setup section below for details.
-
Flexible compatibility: Raygun supports a wide range of identity providers to fit your organization’s needs. Each provider has unique configuration steps, and we’ve detailed them in our updated documentation to make setup a breeze.
-
Enforce SAML SSO for all users: Take your organization’s security up a notch by requiring all users to authenticate via SAML SSO. With the
Enforce for all team members
toggle, you can lock down your account and ensure that no one can bypass your identity provider’s security measures. See image below (a) for details. -
Easy enable/disable options: Need to turn off SSO temporarily? It’s as simple as clicking
Disable
in the app. Want to re-enable it? Same deal. See image below (b) for details. You have full control over when and how SSO is active. -
De-provisioning made simple: SAML SSO also makes it easier to manage user access. If someone leaves your team, remove their access from your identity provider, and they’ll lose access to Raygun automatically. You no longer need to hunt down stray accounts or manually manage permissions.
Supported identity providers
Raygun supports the following identity providers:
- Okta
- JumpCloud
- Azure AD/Microsoft Entra ID
- ADFS
- Google Workspace (G-Suite)
How to set up SAML SSO
Ready to simplify authentication for your team? Head to your Plan Settings
now to enable SAML SSO and start configuring your setup. Here’s a step-by-step guide:
-
Access the SSO setup page: Log in to your Raygun account and navigate to
Plan Settings
>SAML SSO
. This is where you’ll enable and configure SSO. Your plan settings are located in the top right corner of the Raygun application under your name. -
Add details from your identity provider: Copy your identity provider’s SSO URL and certificate into the fields provided in the Raygun app. This URL connects Raygun to your identity provider. See image below (c) for details.
-
Configure your identity provider: Follow our detailed instructions to complete the setup in your identity provider. Depending on the provider, you may need to configure advanced settings like assertion signing and response formats. For example, if you’re using:
- Okta: Ensure the assertion is signed, but the response is unsigned.
- Google Workspace: Make sure the
Signed Response
checkbox is not enabled. - JumpCloud: Enable the ‘Sign Assertion’ checkbox in your SSO configuration.
-
Test the integration: Once you’ve configured everything, test the connection by attempting to log in via SSO. You can use the
Sign in with SSO
link on the Raygun login page or the custom endpoint provided during setup. -
Enforce SAML SSO (optional): If you’re confident that the SAML SSO works for all team members, toggle the
Enforce for all team members
option to lock down your account. See image below (a) for details.
Frequently asked questions
-
Q: What happens if I make a mistake during setup? No worries! If you get locked out or encounter issues, our support team is here to help. Just head to the contact us page.
-
Q: Can I use two-factor authentication (2FA) with SSO? Yes! If you have enabled 2FA on your account, you’ll still need to provide a token during login, even when using SSO.
-
Q: What if I need to remove SSO? You can delete the SSO configuration from your account anytime by clicking
Delete
on the SSO setup page.
Troubleshooting tips
Running into issues? Here are some common problems and solutions:
- Expired or invalid certificates: Ensure your certificate is up to date. It should be Base36 encoded (or Base64 if you are using Azure Active Directory) and include the lines
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
. - Public key mismatches: Ensure your identity provider uses the correct public key.
- User not found: Verify that the email address associated with the SSO response matches a user in Raygun.
If you have questions or need assistance, check out our comprehensive documentation or reach out to our support team.
We’re excited to see how this new feature helps you streamline security and team management. Let us know what you think! Not a Raygun customer? Try out the full Crash Reporting application free for 14 days!