Join us for our biggest AI launch event on 10/31

Announcing Visual Copilot - Figma to production in half the time

Builder.io logo
Contact Sales
Platform
Developers
Contact Sales

Blog

Home

Resources

Blog

Forum

Github

Login

Signup

×

Visual CMS

Drag-and-drop visual editor and headless CMS for any tech stack

Theme Studio for Shopify

Build and optimize your Shopify-hosted storefront, no coding required

Resources

Blog

Get StartedLogin

enterprise plans

With Single Sign-On (SSO), users authenticate with multiple applications using one set of login credentials.

This document is a general guide for use with setting up SSO with Builder and your identity provider (IdP). In addition to this generic document, there are instructions specifically for Microsoft Entra, Google Workspace, and Okta.

Before starting, make sure you have:

  • An Enterprise plan with Builder.
  • Organization Admin permissions within Builder.
  • Administrative access to your Identity Provider platform.

These instructions offer general guidelines but the specifics vary depending on your IdP.

  1. Log in to your IdP's admin console and navigate to the section where you can manage applications.
  2. Create a new application integration for SSO. Your IdP might support various protocols; choose OIDC (OpenID Connect) or SAML 2.0, depending on your needs.
  3. If using OIDC, make a note of the Client ID and Issuer URL. If using SAML, note the relevant details like SAML Issuer ID.
  4. Set up the attribute mappings if necessary. Make sure that the username or email address fields used by Builder are correctly mapped from your IdP.
  5. Save or note down any relevant metadata, certificates, or secrets that will be required to configure SSO on Builder's side.
  6. After setting up your IdP, come back to Builder and continue to the next section.

Since configuring SSO requires coordinating information between Builder and your IdP, it's helpful to have your IdP admin console open in one browser tab and Builder open in another so you can cross reference if necessary.

  1. In Builder, go to your Organization Settings.
  2. Locate the Single Sign-On settings and click the Edit button.
  3. Choose the SSO method corresponding to the protocol you set up with your IdP (OIDC or SAML).
  4. Enter the Display Name for the SSO integration. This is the name that displays to users during the login process.
  5. For SAML, enter the IdP entity ID, IdP entity Id, SSO URL, and the X.509 certificate. For OIDC, enter the IdP Client Id, IdP Client Secret, and the IdP Issuer Url. If you're using OIDC and your application type supports it, enter the Client Secret to enable the Authorization Code Flow for enhanced security.
  6. Click the Save button to save your SSO configuration.

After configuring SSO, test the login flow by logging out of Builder and navigating to the SSO login URL specific to your integration, for example, https://builder.io/login/saml/your-provider-id or https://builder.io/login/oidc/your-sso-name.

Make sure that cookies are enabled in your browser as SSO relies on them for maintaining session information.

By default, usernames are not mapped between Builder and identity providers. However, administrators can establish this connection by mapping a specific name field from the identity provider to the name attribute in Builder's profile settings. This configuration ensures that the username is properly set upon user login with SSO.

To map usernames between Builder and your IdP, you'll need to go to your IdP to update your profile mappings.

Due to recent browser updates, if you previously used the Firebase URL, you must update your authentication domain for SSO to ensure compatibility and security.

To accommodate these changes while maintaining existing SSO configurations, use the new URL as well as the authDomain=new param with the login URL:

  1. Replace the previous redirect URL of https://builder-3b0a2.firebaseapp.com/__/auth/handler with the new domain https://builder.io/__/auth/handler. This applies to both SAML and OIDC configurations and must be updated in the Identity Provider (IdP) settings.
  2. Append the query parameter authDomain=new to the login URL. For example, a bookmarked login URL would be formatted as https://builder.io/login/saml/{your-sso-name}?authDomain=new.

Omitting this query parameter will result in incompatibility with the new custom domain. Consequently, SSO may not function with the latest versions of browsers such as Firefox and Safari.

For IdP-initiated logins, the login URL provided by the IdP must also include the authDomain=new parameter to ensure seamless integration.

If you're using OIDC, you can leverage Code Flow. For details, read Using Code Flow with SSO.

Was this article helpful?

Product

Visual CMS

Theme Studio for Shopify

Sign up

Login

Featured Integrations

React

Angular

Next.js

Gatsby

Get In Touch

Chat With Us

Twitter

Linkedin

Careers

© 2020 Builder.io, Inc.

Security

Privacy Policy

Terms of Service

Newsletter

Get the latest from Builder.io

By submitting, you agree to our Privacy Policy

Product

Platform Overview

Integrations

What's New

Open Source

Builder

Builder

Mitosis

Mitosis

Qwik

Qwik

Partytown

Partytown

Popular Guides

From Design to Code Guide

Composable Commerce Guide

Headless CMS Guide

Headless Commerce Guide

Composable DXP Guide

Design to Code

Resources

Blog

Knowledge Base

Community Forum

Partners

Templates

Success Stories

Showcase

Resource Center

Frameworks

React

React

Next

Next.js

Qwik

Qwik

Gatsby

Gatsby

Angular

Angular

Vue

Vue

Svelte

Svelte

Remix logo

Remix

Nuxt

Nuxt

Hydrogen

Hydrogen

See All

© 2024 Builder.io, Inc.

Security

Privacy Policy

SaaS Terms

Security & Compliance

Cookie Preferences