LOG IN SIGN UP
Documentation

Setting up single sign-on (SSO)

  Last updated April 12, 2018

If your company uses an identity provider (IdP) like Okta or OneLogin to manage user authentication, you can enable Fastly's single sign-on (SSO) feature. This feature allows your organization's users to sign in to the Fastly web interface using the IdP instead of an email address and password.

Prerequisites

Review the following prerequisites before enabling SSO for your organization:

You should also review this feature's limitations before enabling SSO.

Enabling SSO

Follow these instructions to enable SSO for your organization:

  1. Log in to the Fastly web interface and click the Account link from the user menu. Your account information appears.
  2. Click the Single Sign On link. The Single Sign On page appears.
  3. Click the appropriate button to select your organization's IdP.

    the sections of the SSO page that allow you to select your identify provider and configure your IdP

  4. Using the configuration details that appear, create a new SAML 2.0 application in your IdP's administration console and assign the application to new and existing users. Refer to your IdP's documentation for more information.
  5. After creating the SAML 2.0 application in your IdP, download the XML metadata file with your application’s SAML configuration. The XML file includes a public certificate used to verify the signature of SAML assertions.
  6. Upload your IdP metadata file. You can do this by dragging and dropping the file into the area provided or by browsing for the file and uploading it.

    the IdP metadata box

  7. Click the Save Metadata button.
  8. Click the SSO is ready switch to enable SSO for your organization.

    the SSO is ready switch

  9. Click the Proceed button in the confirmation window that appears.

SSO is now enabled for your organization. Existing users on your Fastly account can now use SSO to log in to Fastly provided that the user's email address with Fastly matches an email address with your IdP and the user has been explicitly assigned your SAML application.

Performing user tasks with SSO enabled

If your organization has enabled SSO, you may notice different feature availability in the Fastly web interface. This section describes the differences.

Changing your email address and password

Because SSO requires user email addresses in Fastly to match those in the IdP, you won't be able to change your email address while logged in using SSO. You also won't be able to modify your password or enable two-factor authentication.

Creating an API token

To create an API token while logged in to the Fastly web interface using SSO, you'll need to reauthenticate with your IdP. Follow the instructions for creating an API token and click the Re-Authenticate button on the Create a Token page.

Managing sessions

Sessions created by logging in to the Fastly web interface using SSO expire after 12 hours of inactivity. Sessions created by logging in with a username and password expire after 48 hours.

Disabling SSO

Follow these instructions to disable SSO for your organization:

  1. Log in to the Fastly web interface and click the Account link from the user menu. Your account information appears.
  2. Click the Single Sign On link. The Single Sign On page appears.
  3. Click the SSO is enabled switch to disable SSO for your organization.

    the SSO is enabled switch

  4. Click the Disable SSO button in the confirmation window that appears.

SSO is now disabled. If you need to set up a new IdP, click Change SSO provider and follow the instructions in the enabling SSO section.

Limitations

Fastly's SSO feature has the following limitations:


Back to Top