As balenaCloud has become more indispensable to enterprise customers over the last few years, we’ve received multiple requests to provide a more enterprise user management system. Today we’re pleased to announce the introduction of our latest feature: Enterprise Single Sign-on (SSO)
BalenaCloud’s Enterprise Single Sign-On (SSO) utilizes SAML (Security Assertion Markup Language) to communicate with identity providers (IdP) to verify users’ credentials. At balenaCloud, our mission is to make security as seamless and robust as possible. SAML SSO allows you to integrate your existing identity provider with balenaCloud, streamlining the login process and providing a secure, centralized authentication system for your entire organization. With SAML SSO, managing user access becomes more efficient, reducing the risk of unauthorized access and enhancing overall security.
If you’re not familiar with SSO or SAML, or need a refresher, check out this helpful article.
We’ve added a brief FAQ below to answer some of the questions you may have about this new feature. You can also check out our updated documentation for Enterprise SSO.
Q: Is balena’s Enterprise Single Sign-on (SSO) available to all balenaCloud users?
A: This feature is available to customers on standard paid plans (Prototype Plan, Pilot Plan, Production Plan, or Enterprise)
Q: Can I use any identity provider with balena’s Enterprise SSO?
A: We support any identity provider as long as they are compliant with the SAML 2.0 protocol specification such as Okta, Microsoft Entra ID (formerly Azure AD) and Google Workspace. We have provided examples for using Microsoft Entra ID and Google Workspace in our documentation.
Q: What do I need to start using balena’s Enterprise SSO feature?
A: You will need to have already configured a SAML 2.0 identity provider (IdP) and possess an XML certificate ready for upload.
Q: Are there any caveats to activating SSO with SAML on my balenaCloud account?
A: There are a number of items to keep in mind which are listed on this page. Some of the highlights include:
- The ownership and management of your account will be transferred from you, as an individual user, to the designated company.
- Your company can revoke your access at any time.
- You will no longer be able to log in using a username and password.
- Your API keys will be deleted.
We want to extend a huge thank you to our community for your continued support and feedback. Your input has been invaluable in shaping this feature, and we are excited to see how Enterprise SSO will help streamline your workflows and enhance your balenaCloud experience.
The EnterpriseSSO feature is now live, and we can’t wait for you to start using it. As always, feel free to reach out with any questions or feedback!
The balenaCloud Team
Start the discussion at forums.balena.io