Single Sign-On (SSO) is available for Vespa Cloud customers on the Enterprise plan. It is powered by Auth0's Self-Service Enterprise Configuration and supports the following identity provider connectors:
Once SSO is active, users signing in with an email address on the configured domain are automatically redirected to your identity provider.
SSO setup requires involvement from both the customer and the Vespa Support team. The overall flow is:
Initiate: Contact Vespa Support or your account manager to request SSO setup. Include your Vespa Cloud tenant name in the request.
Receive self-service URL: Vespa Support will provide you with a self-service configuration URL for your tenant.
Validate your domain: In the self-service portal, you will be given a DNS TXT record to add to your domain. This proves ownership of the email domain that will be used for SSO. Propagation may take up to 48 hours depending on your DNS provider.
Configure your identity provider: The self-service portal guides you through the connector-specific setup. Follow the on-screen instructions to configure either Generic SAML or Okta OIDC in your identity provider.
Confirm completion: Once you have completed the configuration, notify Vespa Support.
Activation: Vespa Support will verify the setup and activate the SSO connection for your tenant.
Users authenticating with an email address belonging to your validated domain will be automatically redirected to your identity provider when signing in to Vespa Cloud.
Users who previously authenticated with username/password or other methods will be required to authenticate through SSO going forward.
For questions or issues during setup, reach out to Vespa Support or contact your account manager.