Overview

Single Sign-On enforces secure OIDC-based sign-in to the Crusoe Cloud Console from your identity provider. Requiring SSO is highly recommended to help protect your account from breaches. When SSO is required for a user, they will be routed to their SSO login from the Crusoe Cloud login page. Users who are not SSO-enabled will be prompted to enter their password.

SSO supports just-in-time (JIT) provisioning, automatically creating a reader account (with minimal permissions) for users upon their first SSO login.

Setting up SSO as an Administrator

To begin, your organization's administrator will need to work with our Customer Success team to securely configure SSO. Reach out to your Customer Success representative to schedule a time. During this process we will:

Create an Application: You will create a new OIDC-based application for Crusoe Cloud within your identity provider.
Add an Identity Provider in Crusoe: In the Crusoe console, you will add your identity provider, which will generate a Client ID and Issuer URI.
Securely Share Credentials: You will need to securely provide us with the Client Secret for the application in your identity provider.
Finalize Configuration: Our team will complete the backend configuration to enable the connection.

Once the setup is complete, your organization's administrator can then enforce SSO on a per-user basis from within the Crusoe console.

Important Considerations

Okta Only: This initial release exclusively supports Okta.
Manual User De-provisioning: User de-provisioning is not yet automated. When a user is removed from your identity provider, an administrator must manually delete their account in the Crusoe console.
Authentication Only: The current integration handles authentication only and does not manage permissions or group-based authorization from your identity provider.

Support and Recovery

Should you encounter any issues, such as all users being locked out, please contact our Customer Success team who can assist in restoring access to your organization.