Set up SSO authentication with SAML and PingIdentity
Implement single-sign on for Sanity with PingIdentity SAML
Go to Set up SSO authentication with SAML and PingIdentityLast updated January 09, 2025
Setting up a Default Relay State for IdP Initiated - SAML Logins
Expands upon our general SAML setup guide to configure a default relay state.
During the setup and configuration process, it's a good idea to keep two windows side by side:
- One with Sanity Manage.
- The other with the configuration settings of the IdP. For this example we will show screenshots from Okta.
Go to Sanity Manage and select the organization you want to enable SSO for your organization.
To navigate to the service provider configuration inside Sanity Manage:
- In the organization you intend to add a relay state to, go to Settings → SAML SSO.
- Find the relevant project, click the vertical “…” and select Copy Login URL (screenshot).
This login url will take you to the Sanity Manage page once logged in. If you'd instead prefer to, you can edit the URL for Studio Access rather than Manage. In this URL, replace the origin parameter value with your encoded Sanity Studio URL, which will route users directly to the Studio instead of the management page.Ex: If the copied login URL is:
https://api.sanity.io/v2021-10-01/auth/saml/login/7dfd3a21?origin=https%3A%2F%2Fwww.sanity.io%2Fmanage&projectId={MYPROJECT_ID}
update it to:
https://api.sanity.io/v2021-10-01/auth/saml/login/7dfd3a21?origin={MY_ENCODED_STUDIO_URL}&projectId={MYPROJECT_ID}
Gotcha
This url will need to be encoded
You can now update your IdP's default relay state.
- When I access Sanity from my IdP dashboard, I receive:
{ "id": "3431pXO", "displayName": "Sanity Support", "email": "sanity@sanity.io", "familyName": "Sanity Support", "givenName": "Sanity", "middleName": null, "imageUrl": null, "provider": "saml-f6a94", "tosAcceptedAt": "2024-11-20T18:51:57.264Z", "createdAt": "2024-11-20T18:51:57.264Z", "updatedAt": "2024-11-20T18:51:57.535Z", "isCurrentUser": true, "providerId": "49jc94jf949930304jkojfciojlj934003490943" }- It does not appear you have set up your default relay state within your IdP, you will need to also configure within your Idp settings.
Sanity – build remarkable experiences at scale
Sanity Composable Content Cloud is the headless CMS that gives you (and your team) a content backend to drive websites and applications with modern tooling. It offers a real-time editing environment for content creators that’s easy to configure but designed to be customized with JavaScript and React when needed. With the hosted document store, you query content freely and easily integrate with any framework or data source to distribute and enrich content.
Sanity scales from weekend projects to enterprise needs and is used by companies like Puma, AT&T, Burger King, Tata, and Figma.
Other guides by author
Set up SSO authentication with SAML and Azure/Entra ID
Implement single sign-on authentication with the SAML protocol and Microsoft Azure AD/ Entra ID as the identity provider.
