SSO Overview
Learn how to log in to Infisical via SSO protocols.
Infisical offers Google SSO and GitHub SSO for free across both Infisical Cloud and Infisical Self-hosted. Infisical also offers SAML SSO authentication but as paid features that can be unlocked on Infisical Cloud’s Pro tier or via enterprise license on self-hosted instances of Infisical. On this front, we support industry-leading providers including Okta, Azure AD, and JumpCloud; with any questions, please reach out to team@infisical.com.
You can configure your organization in Infisical to have members authenticate with the platform via protocols like SAML 2.0.
To note, Infisical’s SSO implementation decouples the authentication and decryption steps – which implies that no Identity Provider can have access to the decryption key needed to decrypt your secrets (this also implies that Infisical requires entering the user’s Master Password on top of authenticating with SSO).
Identity providers
Infisical supports these and many other identity providers:
If your required identity provider is not shown in the list above, please reach out to team@infisical.com for assistance.
FAQ
Why does Infisical require additional email verification for users connected via SAML?
Why does Infisical require additional email verification for users connected via SAML?
By default, Infisical Cloud is configured to not trust emails from external identity providers to prevent any malicious account takeover attempts via email spoofing. Accordingly, Infisical creates a new user for anyone provisioned through an external identity provider and requires an additional email verification step upon their first login.
If you’re running a self-hosted instance of Infisical and would like it to trust emails from external identity providers, you can configure this behavior in the admin panel.
SSO Overview
Learn how to log in to Infisical via SSO protocols.
Infisical offers Google SSO and GitHub SSO for free across both Infisical Cloud and Infisical Self-hosted. Infisical also offers SAML SSO authentication but as paid features that can be unlocked on Infisical Cloud’s Pro tier or via enterprise license on self-hosted instances of Infisical. On this front, we support industry-leading providers including Okta, Azure AD, and JumpCloud; with any questions, please reach out to team@infisical.com.
You can configure your organization in Infisical to have members authenticate with the platform via protocols like SAML 2.0.
To note, Infisical’s SSO implementation decouples the authentication and decryption steps – which implies that no Identity Provider can have access to the decryption key needed to decrypt your secrets (this also implies that Infisical requires entering the user’s Master Password on top of authenticating with SSO).
Identity providers
Infisical supports these and many other identity providers:
If your required identity provider is not shown in the list above, please reach out to team@infisical.com for assistance.
FAQ
Why does Infisical require additional email verification for users connected via SAML?
Why does Infisical require additional email verification for users connected via SAML?
By default, Infisical Cloud is configured to not trust emails from external identity providers to prevent any malicious account takeover attempts via email spoofing. Accordingly, Infisical creates a new user for anyone provisioned through an external identity provider and requires an additional email verification step upon their first login.
If you’re running a self-hosted instance of Infisical and would like it to trust emails from external identity providers, you can configure this behavior in the admin panel.