Set up Single Sign-On (SSO)


SaltStack Enterprise integrates with third-party identity and access management solutions to enable users to login to the Enterprise Console. SaltStack Enterprise supports various authentication integrations:

  • Single sign-on authentication (SSO) for an identity provider (IdP) that uses the SAML or OAuth protocols.
  • Access management for directory services that use the LDAP protocol, such as Active Directory Domain Services.

Alternatively, you could also use the authentication that is native to SaltStack Enterprise by storing user credentials locally in SaltStack Enterprise on the Enterprise API (RaaS) node.


Setting up SSO is one post-installation step in a series of several steps that should be followed in a specific order. First, complete one of the installation scenarios and then read the following post-installation pages:

How to set up SSO or directory services

You can best configure SSO or directory services using the Enterprise Console as opposed to using the Enterprise API or command line. The instructions for setting up SSO or directory services are included in the SaltStack Enterprise documentation. These are static HTML reference documents that do not require a link outside the firewall.

To access this documentation:

  1. Login to SaltStack Enterprise.
  2. In the toolbar, click Help > Help Documentation.
  3. Navigate to one of the following pages:
    • Authentication with SAML
    • Authentication with LDAP
    • Authentication with OAuth and OIDC

Next steps

After configuring SSO, there may be additional post-installation steps. Check the list of post-installation steps to ensure you have completed all the necessary steps.