Enabling SSO for your organization can be configured via the Spotinst Console. The following article will cover the basics of setting up an SSO for your organization.

Supported Identity Providers

We currently support the following identity providers:

Managing SAML-based single sign-on via spotinst console

In order to manage SSO configurations follow these steps:

  1. Login to your Spotinst account as an administrator: spotinst console
  2. Click on the user-icon and enter “Settings”.


3. Click on the “SECURITY” tab at the top and then select “Identity Providers”


SSO Settings Page



Relay state – The Organization ID –  Used as the Relay State configuration for the identity provider (Used in Idp Initiated SSO)

Provider type – Currently the only supported standard is SAML (Security Assertion Markup Language)

Metadata – Data provided by the identity provider in order to sync our settings properly. For further information head to the documentation for your Identity Provider:

User Default Organization Role – The role which will be given to users that logged in via the Identity Provider (Viewer/Editor)

For further information regarding user roles, check the following link: Spotinst – user roles

User Allowed Accounts – The accounts which the user will have access to (default account/all account)

For further information regarding accounts, check the following link: Organizations and accounts

Organization and Role Selection

When you want to determine different user roles per account, we allow you choosing the organization and role he wants to sign in with when signing in with SSO.

Configure the IDP to create a SAML response with the parameter “OrgAndRole”.
This configuration will generate another screen which will let the user choose an organization and role:



Roles can be define only by organization or by account. not both.

For organization level SSO, learn more.

For account level SSO, learn more.