You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/guides/modules/permissions-authentication/pages/sso-overview.adoc
+19-6Lines changed: 19 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,7 +32,25 @@ Using SSO for authentication can result in improved security and user experience
32
32
* Adding and deleting users.
33
33
* Managing user permissions.
34
34
35
-
**For a member of an organization using SSO for authentication:** The process of authentication to access applications is simplified. Rather than authenticating separately for each application, SAML SSO enables the user to confirm their identity _once_ with an IdP and that authentication is communicated to the applications (such as CircleCI) that the user has access to. The user may then access these applications for the duration of their session.
35
+
**For a member of an organization using SSO for authentication:** The process of authentication to access applications is simplified. Rather than authenticating separately for each application, SAML SSO enables the user to confirm their identity _once_ with an IdP. This authentication is then communicated to all applications (such as CircleCI) that the user has access to. The user may then access these applications for the duration of their session.
36
+
37
+
== Personal API tokens with SSO
38
+
39
+
When your organization uses SSO, Personal API tokens require SSO authentication to access your organization's resources.
40
+
41
+
To use Personal API tokens with SSO-protected resources:
42
+
43
+
. Go to the link:https://app.circleci.com/home/[CircleCI web app].
44
+
. Select your profile from the upper right corner, then select menu:User Settings[].
45
+
. Select menu:Personal API Tokens[] from the sidebar.
46
+
. For each token you want to use with your SSO-enabled organization, select the organization from the dropdown in the SSO column.
47
+
. Once you select an organization, the token becomes SSO-authenticated and can access your organization's resources.
48
+
49
+
**Important notes:**
50
+
51
+
* The SSO authentication option for tokens is only available when you are actively signed in via SSO.
52
+
* SSO authentication is only required for tokens you intend to use with SSO-enabled organization resources.
53
+
* Tokens without SSO authentication still work with non-SSO protected resources.
36
54
37
55
[#prerequisites-and-limitations]
38
56
== Limitations
@@ -42,11 +60,6 @@ SSO for CircleCI currently has the following limitations:
42
60
* SSO requires all users to log into CircleCI either with an email and password or using social logins like GitHub, Bitbucket prior to the SSO login. The email used to log in to CircleCI does *not* need to match the email used to authenticate with the IdP.
43
61
* CircleCI supports SSO using one domain per organization.
44
62
* When the user logs in using social logins like GitHub or Bitbucket, then they need to authorize SSO in the VCS org along with SSO setup in CircleCI.
45
-
* Personal API tokens will not work against your organization after SSO is enabled. As a result **the following features are unavailable when using SSO**:
46
-
** The CircleCI VS Code plugin will **not** work against your organization after SSO is enabled.
47
-
** The CircleCI CLI will **not** work against your organization after SSO is enabled.
48
-
** API v2 endpoints will **not** be accessible for your organization after SSO is enabled.
49
-
** Config policies will **not** be usable/enforcable for your organization after SSO is enabled.
0 commit comments