SAML single sign-on for Gemfury βeta

Configuring Your Identity Provider

After setting up SAML in Gemfury, configure your IdP with the Gemfury service provider details.

Required Settings

All IdPs need these values (replace PROVIDER_ID with your assigned identifier):

ACS URL:    https://manage.fury.io/auth/saml/PROVIDER_ID/callback
Entity ID:  https://manage.fury.io/auth/saml/PROVIDER_ID

When providing metadata to Gemfury, provide the Metadata XML content. Metadata URLs and manual configuration are not yet supported.

Okta
  1. Go to Applications > Create App Integration
  2. Select SAML 2.0
  3. Configure SAML settings:
    • Single Sign-On URL: https://manage.fury.io/auth/saml/PROVIDER_ID/callback
    • Audience URI: https://manage.fury.io/auth/saml/PROVIDER_ID
    • Name ID format: EmailAddress
  4. Add attribute statement:
    • Name: email
    • Value: user.email
  5. Under SAML Settings > Advanced Settings, ensure:
    • Response is set to Signed
    • Assertion Signature is set to Signed
  6. Assign users or groups to the application
  7. Go to the Sign On tab and download the metadata XML (click View SAML setup instructions or Identity Provider metadata)

Microsoft Entra ID (Azure AD)
  1. Go to Enterprise Applications > New Application
  2. Select Create your own application (Non-gallery)
  3. Go to Single sign-on > SAML
  4. Edit Basic SAML Configuration:
    • Identifier: https://manage.fury.io/auth/saml/PROVIDER_ID
    • Reply URL: https://manage.fury.io/auth/saml/PROVIDER_ID/callback
  5. Verify Attributes & Claims includes email (typically user.mail or user.userprincipalname)
  6. Under SAML Certificates, click Edit and set Signing Option to Sign SAML response and assertion
  7. Download Federation Metadata XML

Google Workspace
  1. Go to Admin Console > Apps > Web and mobile apps > Add app
  2. Select Add custom SAML app
  3. Enter app name (e.g., “Gemfury”)
  4. Configure Service Provider details:
    • ACS URL: https://manage.fury.io/auth/saml/PROVIDER_ID/callback
    • Entity ID: https://manage.fury.io/auth/saml/PROVIDER_ID
    • Name ID format: EMAIL
    • Name ID: Basic Information > Primary email
  5. Map attributes:
    • Primary email → email
  6. Under Service Provider Details, ensure Signed response is checked
  7. Save the application, then download IdP metadata (available on the app details page)
  8. Enable the app for your organizational unit

Testing

Test both authentication flows to ensure complete configuration:

IdP-Initiated (starting from your Identity Provider)
  1. Assign yourself to the SAML application in your IdP
  2. Open an incognito/private browser window
  3. Log in to your IdP dashboard (e.g., Okta, Azure MyApps)
  4. Click the Gemfury application
  5. Verify you land on Gemfury authenticated
  6. Check your membership appears in organization settings

SP-Initiated (starting from Gemfury)
  1. Open an incognito/private browser window
  2. Go to manage.fury.io
  3. Click Sign in with SSO
  4. Enter your organization’s account slug (the name in your Gemfury URL, e.g., acme for acme.fury.io)
  5. Complete authentication with your IdP
  6. Verify you land on Gemfury authenticated
