After setting up SAML in Gemfury, configure your IdP with the Gemfury service provider details.
Required Settings
All IdPs need these values (replace PROVIDER_ID with your assigned identifier):
ACS URL: https://manage.fury.io/auth/saml/PROVIDER_ID/callback
Entity ID: https://manage.fury.io/auth/saml/PROVIDER_ID
Rather than entering these by hand, you can download Gemfury’s SP metadata XML from the dashboard and import it into your IdP.
Signing and encryption: Sign the SAML response or assertion using SHA-256. Do not require signed authentication requests, and do not enable assertion encryption — Gemfury does not sign AuthnRequests and cannot decrypt assertions.
When providing your IdP’s metadata to Gemfury, paste the Metadata XML content. Metadata URLs and manual configuration are not yet supported.
Okta
- Go to Applications → Create App Integration
- Select SAML 2.0
- Configure SAML settings:
- Single Sign-On URL:
https://manage.fury.io/auth/saml/PROVIDER_ID/callback - Audience URI:
https://manage.fury.io/auth/saml/PROVIDER_ID - Name ID format: EmailAddress
- Single Sign-On URL:
- Add attribute statement:
- Name:
email - Value:
user.email
- Name:
- Under SAML Settings → Advanced Settings, ensure:
- Response is set to Signed
- Assertion Signature is set to Signed
- Assign users or groups to the application
- Go to Sign On tab and download metadata XML (click View SAML setup instructions or Identity Provider metadata)
Microsoft Entra ID (Azure AD)
- Go to Enterprise Applications → New Application
- Select Create your own application (Non-gallery)
- Go to Single sign-on → SAML
- Edit Basic SAML Configuration:
- Identifier:
https://manage.fury.io/auth/saml/PROVIDER_ID - Reply URL:
https://manage.fury.io/auth/saml/PROVIDER_ID/callback
- Identifier:
- Verify Attributes & Claims includes email (typically
user.mailoruser.userprincipalname) - Under SAML Certificates, click Edit and set Signing Option to Sign SAML response and assertion
- Download Federation Metadata XML
Google Workspace
- Go to Admin Console → Apps → Web and mobile apps → Add app
- Select Add custom SAML app
- Enter app name (e.g., “Gemfury”)
- Configure Service Provider details:
- ACS URL:
https://manage.fury.io/auth/saml/PROVIDER_ID/callback - Entity ID:
https://manage.fury.io/auth/saml/PROVIDER_ID - Name ID format: EMAIL
- Name ID: Basic Information > Primary email
- ACS URL:
- Map attributes:
-
Primary email →
email
-
Primary email →
- Under Service Provider Details, ensure Signed response is checked
- Save the application, then download IdP metadata (available on the app details page)
- Enable the app for your organizational unit
Testing
Test both authentication flows to ensure complete configuration:
IdP-Initiated (starting from your Identity Provider)
- Assign yourself to the SAML application in your IdP
- Open an incognito/private browser window
- Log in to your IdP dashboard (e.g., Okta, Azure MyApps)
- Click the Gemfury application
- Verify you land on Gemfury authenticated
- Check your membership appears in organization settings
SP-Initiated (starting from Gemfury)
- Open an incognito/private browser window
- Go to manage.fury.io
- Click Sign in with SSO
- Enter your organization’s account slug (the name in your Gemfury URL, e.g.,
acmeforacme.fury.io) - Complete authentication with your IdP
- Verify you land on Gemfury authenticated