SSO Setup

Configure Single Sign-On (SAML or OIDC) for your organization.

SSO allows your team members to sign in to VULK using your organization's identity provider (IdP). VULK supports SAML 2.0 and OIDC protocols.

SSO is available on the Business plan only. Contact support if you need SSO on a different plan.

Supported Protocols

Protocol  Providers
SAML 2.0  Okta, OneLogin, Azure AD, Google Workspace, any SAML IdP
OIDC      Okta, Auth0, Azure AD, Google Workspace, any OIDC provider

SAML Setup

1. Get VULK Service Provider Details

In Settings > SSO, you will find:

  • SP Entity ID: https://vulk.dev/api/auth/sso/metadata
  • ACS URL (Assertion Consumer Service): https://vulk.dev/api/auth/sso/callback
  • NameID Format: Email address

2. Configure Your IdP

In your identity provider (e.g., Okta, Azure AD):

  1. Create a new SAML application
  2. Set the ACS URL and Entity ID from step 1
  3. Configure NameID to send the user's email address
  4. Download the IdP metadata or certificate

3. Configure VULK

In Settings > SSO:

  1. Select SAML as the provider type
  2. Enter the IdP SSO URL (where VULK redirects users to sign in)
  3. Paste the IdP certificate (X.509 PEM format)
  4. Optionally set the IdP Entity ID
  5. Click Save

4. Verify Your Domain

Add a DNS TXT record to verify you own the email domain:

_vulk-verify.yourdomain.com  TXT  vulk-verify-xxxxxxxxxxxx

5. Test and Activate

Click Test SSO to verify the configuration works. Once verified, toggle SSO to active.

OIDC Setup

1. Register VULK in Your IdP

Create an OIDC application with:

  • Redirect URI: https://vulk.dev/api/auth/sso/callback
  • Scopes: openid email profile

2. Configure VULK

In Settings > SSO:

  1. Select your provider (Okta, Auth0, Azure AD, or Google Workspace)
  2. Enter the Issuer URL (e.g., https://your-org.okta.com)
  3. Enter the Client ID
  4. Enter the Client Secret (encrypted at rest)
  5. Click Save

Auto-Provisioning

When enabled, users who authenticate via SSO are automatically:

  • Created in VULK (if they don't exist)
  • Added to your organization with the default role (Member)

Disable auto-provisioning if you want to manually invite members before they can sign in.

Security

  • SAML responses are validated using the @node-saml/node-saml library
  • XML signatures are verified against the IdP certificate
  • Assertion conditions (NotBefore, NotOnOrAfter) are checked
  • Audience restriction is enforced
  • Client secrets are encrypted with AES-256-GCM
  • SSO state tokens use CSRF protection with secure, httpOnly cookies
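
To see which of these checks an IdP configuration would trip, the sketch below applies the conditions, audience and NameID checks to a constructed, unsigned assertion. It is an added example, not VULK's code and not part of @node-saml/node-saml, and it does not verify the XML signature. The 60-second clock-skew allowance and the strict comparison of the NameID Format URN are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://vulk.dev/api/auth/sso/metadata"  # SP Entity ID from step 1
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed, unsigned sample assertion (not captured from a real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://vulk.dev/api/auth/sso/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    # SAML times are UTC xs:dateTime values such as 2024-01-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, now, skew=timedelta(seconds=60)):
    """Return a list of problems (empty = pass); skew is an assumed allowance."""
    root = ET.fromstring(xml_text)
    a = root if root.tag.endswith("}Assertion") else root.find("saml:Assertion", NS)
    if a is None:
        return ["no Assertion element (encrypted or missing)"]
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return ["no Conditions element"]
    problems = []
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now + skew < _ts(nb):
        problems.append("not yet valid (NotBefore)")
    if noa and now - skew >= _ts(noa):
        problems.append("expired (NotOnOrAfter)")
    audiences = [e.text.strip() for e in
                 cond.findall("saml:AudienceRestriction/saml:Audience", NS) if e.text]
    if SP_ENTITY_ID not in audiences:
        problems.append("audience mismatch")
    nid = a.find("saml:Subject/saml:NameID", NS)
    if nid is None or nid.get("Format") != EMAIL_FORMAT or "@" not in (nid.text or ""):
        problems.append("NameID is not an email address")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, datetime.now(timezone.utc)))
```

Use it only as a diagnostic on responses from your own IdP test logins; an assertion that passes here has still not had its signature checked.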
