SAML Authentication

Enterprise users who host their own private Convox Console can take advantage of SAML SSO authentication and access. For more information on the Enterprise plan, see here.

SSO access through SAML can be enabled by simply setting two environment variables on your Console app.

$ convox env set -a console AUTHENTICATION=saml
$ convox env set -a console SAML_METADATA=https://login.microsoftonline.com/common/FederationMetadata/2007-06/FederationMetadata.xml
  • AUTHENTICATION set to saml
  • SAML_METADATA set to the metadata endpoint for your SAML Identity Provider. This varies from provider to provider so please check your documentation from them.
    • For example, Microsoft/Azure IdP information can be found here
    • For Okta, the IdP information can be found here

Once configured, promote the environment changes

$ convox releases promote -a console --wait

The Console will retrieve the metadata from the provider endpoint to configure everything else.

To disable SAML SSO access, change the AUTHENTICATION environment variable back to it’s previous value or simply remove the value, as appropriate.