Enable SSO for Your Organization

Supabase offers single sign-on (SSO) as a login option to provide additional account security for your team. This allows company administrators to enforce the use of an identity provider when logging into Supabase. SSO improves the onboarding and offboarding experience of the company as the employee only needs a single set of credentials to access third-party applications or tools which can also be revoked easily by an administrator.

Setup and limitations

Supabase supports practically all identity providers that support the SAML 2.0 SSO protocol. We've prepared these guides for commonly used identity providers to help you get started. If you use a different provider, our support stands ready to support you.

Accounts signing in with SSO have certain limitations. The following sections outline the limitations when SSO is enabled or disabled for your team.

Enable SSO for your team

  • Organization invites are restricted to company members belonging to the same identity provider.
  • Every user has an organization created by default. They can create as many projects as they want.
  • An SSO user will not be able to update or reset their password since the company administrator manages their access via the identity provider.
  • If an SSO user with the following email of [email protected] attempts to sign in with a GitHub account that uses the same email, a separate Supabase account is created and will not be linked to the SSO user's account.
  • An SSO user will not be able to see all organizations/projects created under the same identity provider. They will need to be invited to the Supabase organization first. Refer to access control for more information.

Disable SSO for your team

  • You can prevent a user's account from further access to Supabase by removing or disabling their account in your identity provider.
  • You should also remove or downgrade their permissions from any organizations inside Supabase.