Dosu Logo
Home
Documents
8 - Single Sign-On (SSO)
8 - Single Sign-On (SSO)
Type
Document
Status
Published
Created
Jan 12, 2026
Updated
Feb 28, 2026
Updated by
Dosu Bot

Dosu supports SAML 2.0 Single Sign-On, allowing your team to authenticate using your organization's identity provider. SSO is available for Enterprise customers.

Supported Identity Providers#

Dosu works with any SAML 2.0 compliant identity provider, including:

  • Okta
  • Microsoft Entra ID (formerly Azure Active Directory)
  • Google Workspace
  • OneLogin
  • PingIdentity
  • JumpCloud

Setting Up SSO#

SSO setup is a guided process completed with the Dosu team. To get started, contact us at customer-success@dosu.dev with the following information:

SAML Metadata

Provide one of the following:

  • Metadata URL (preferred): A publicly accessible URL to your IdP's SAML metadata. This allows Dosu to automatically stay in sync with your IdP configuration.
  • Metadata XML file: If your IdP doesn't provide a public metadata URL, export the SAML metadata as an XML file and send it to us.

Email Domains#

List all email domains that should authenticate via SSO. For example: yourcompany.com, yourcompany.co.uk. Users with these email domains will be redirected to your identity provider when signing in.

Configuring Your Identity Provider#

After you contact us, we'll provide you with the configuration values to enter in your IdP:

  • ACS URL (Assertion Consumer Service URL)
  • Entity ID (also called Audience URI or SP Entity ID)
  • NameID Format: emailAddress

These values are specific to your organization and will be provided during setup.

Setup Process#

  1. Contact customer-success@dosu.dev with your SAML metadata and email domains
  2. We configure SSO for your organization and send you the IdP configuration values
  3. You configure your identity provider with the values we provide
  4. We verify the connection and confirm setup is complete
  5. Users with the specified email domains can now sign in using SSO

How SSO Sign-In Works#

Once SSO is configured, users with matching email domains will see a "Sign in with SSO" option on the login page. Clicking this redirects them to your identity provider to authenticate. After successful authentication, they're redirected to Dosu and automatically signed in.

Users who aren't part of your organization can still sign in with other methods (GitHub, Google, or email).

Domain-Based Autojoin#

Enterprise accounts can enable domain-based autojoin to streamline onboarding for users with matching email domains. Autojoin is a separate, independent feature from SSO—you can enable autojoin without SSO, SSO without autojoin, both together, or neither.

When autojoin is enabled, users who sign up with an email domain that matches your organization's configured autojoin domains are automatically added to your organization as a member.

How It Works:

  • When a user signs up with any authentication method (OAuth, email/password, SSO, etc.) and their email domain matches your configured autojoin domains, they are automatically added to your organization
  • Their user role is set to MEMBER (or to the role specified in any pending invitation)
  • Their onboarding is marked as complete, giving them immediate access to your organization
  • This eliminates the need for manual invitations or approval workflows

Benefits:

  • Seamless onboarding for enterprise users
  • No manual invitation required for users with company email addresses
  • Users gain immediate access after signing up
  • Works independently of SSO—useful for organizations that want automatic provisioning without requiring SSO authentication

Configuration:

Autojoin domains are configured separately from SSO domains. While you may choose to use the same domains for both features, they are managed independently. This allows flexibility—for example, you could enable autojoin for company.com while only requiring SSO for a subset of users.

To enable domain-based autojoin for your organization, contact customer-success@dosu.dev.

FAQ#

Is SSO available on all plans?

SSO is available for Enterprise customers. Contact us to learn more about Enterprise plans.

Can I require SSO for all users in my organization?

Yes. Once SSO is configured, you can optionally enforce SSO-only authentication for users with your email domains.

What happens to existing users when SSO is enabled?

Existing users with matching email domains will be prompted to sign in via SSO on their next login. Their accounts and data remain intact.

Can I use multiple identity providers?

Each organization can have one SSO configuration. If you need to support multiple IdPs, contact us to discuss your requirements.

Questions?#

Contact customer-success@dosu.dev for assistance with SSO setup or to request SSO for your organization.