SAML single sign-on for Gemfury βeta

Getting Started with SAML SSO

This guide walks through enabling SAML authentication for your Gemfury organization. Setup requires two phases: initial configuration and finalization after receiving your Provider ID.

Service Provider Information

Configure your IdP with these Gemfury settings. Replace PROVIDER_ID with the identifier assigned after initial setup.

Setting Value
ACS URL https://manage.fury.io/auth/saml/PROVIDER_ID/callback
Entity ID https://manage.fury.io/auth/saml/PROVIDER_ID
Name ID Format Persistent (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent)

Name ID Format options:

  • Persistent — Uses an opaque identifier (recommended for stability)
  • Email — Uses email address as identifier (simpler fallback)

If you also use SCIM provisioning, prefer Persistent and have your IdP send a SCIM externalId equal to the persistent Name ID. This gives a stable, exact match between SAML logins and SCIM-provisioned users that survives email or username changes.

Your IdP must send signed assertions and include the user’s email attribute. See IdP Configuration for specific steps to enable signing in your Identity Provider.

Setup Overview

SAML configuration requires two phases because you need your Provider ID to configure the correct ACS URL and Entity ID in your IdP.

Phase 1: Initial Setup
  1. Log in to manage.fury.io and select your organization
  2. Go to SettingsSingle Sign-On
  3. In your IdP, create a placeholder SAML application (you can use temporary ACS/Entity values)
  4. Download metadata XML from your IdP
  5. Paste the metadata XML into Gemfury
  6. Select a default role for new users:
    • pull — Read-only access (default)
    • push — Read and publish packages
    • owner — Full administrative access
  7. Submit the configuration

Your provider enters submitted state pending review.

Phase 2: Finalization

After activation, you’ll receive your PROVIDER_ID via email:

  1. Update your IdP with the correct URLs using your assigned PROVIDER_ID:
    • ACS URL: https://manage.fury.io/auth/saml/PROVIDER_ID/callback
    • Entity ID: https://manage.fury.io/auth/saml/PROVIDER_ID
  2. Download fresh metadata XML from your IdP (if metadata includes SP details)
  3. Update the metadata in Gemfury SSO settings if needed
  4. Test authentication (see IdP Configuration — Testing)

Rather than entering the ACS URL and Entity ID by hand, you can download Gemfury’s SP metadata XML from the dashboard and import it into your IdP.

Next Steps

See IdP Configuration to complete setup in your Identity Provider.


Next