This guide walks through enabling SAML authentication for your Gemfury organization. Setup requires two phases: initial configuration and finalization after receiving your Provider ID.
Service Provider Information
Configure your IdP with these Gemfury settings. Replace PROVIDER_ID with the identifier
assigned after initial setup.
| Setting | Value |
|---|---|
| ACS URL | https://manage.fury.io/auth/saml/PROVIDER_ID/callback |
| Entity ID | https://manage.fury.io/auth/saml/PROVIDER_ID |
| Name ID Format | Persistent (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent) |
Name ID Format options:
- Persistent — Uses an opaque identifier (recommended for stability)
- Email — Uses email address as identifier (simpler fallback)
If you also use SCIM provisioning, prefer Persistent and have your IdP
send a SCIM externalId equal to the persistent Name ID. This gives a stable,
exact match between SAML logins and SCIM-provisioned users that survives email or
username changes.
Your IdP must send signed assertions and include the user’s email attribute. See IdP Configuration for specific steps to enable signing in your Identity Provider.
Setup Overview
SAML configuration requires two phases because you need your Provider ID to configure the correct ACS URL and Entity ID in your IdP.
Phase 1: Initial Setup
- Log in to manage.fury.io and select your organization
- Go to Settings → Single Sign-On
- In your IdP, create a placeholder SAML application (you can use temporary ACS/Entity values)
- Download metadata XML from your IdP
- Paste the metadata XML into Gemfury
- Select a default role for new users:
-
pull— Read-only access (default) -
push— Read and publish packages -
owner— Full administrative access
-
- Submit the configuration
Your provider enters submitted state pending review.
Phase 2: Finalization
After activation, you’ll receive your PROVIDER_ID via email:
- Update your IdP with the correct URLs using your assigned
PROVIDER_ID:- ACS URL:
https://manage.fury.io/auth/saml/PROVIDER_ID/callback - Entity ID:
https://manage.fury.io/auth/saml/PROVIDER_ID
- ACS URL:
- Download fresh metadata XML from your IdP (if metadata includes SP details)
- Update the metadata in Gemfury SSO settings if needed
- Test authentication (see IdP Configuration — Testing)
Rather than entering the ACS URL and Entity ID by hand, you can download Gemfury’s SP metadata XML from the dashboard and import it into your IdP.
Next Steps
See IdP Configuration to complete setup in your Identity Provider.