Version: User Guides (BYOC)

Other IdP (SAML 2.0)

This topic describes how to configure single sign-on (SSO) in Zilliz Cloud with any identity provider (IdP) that supports the SAML 2.0 protocol.

📘Notes

Zilliz Cloud provides dedicated integration guides for Okta, Google Workspace, and Microsoft Entra, but any standards-compliant SAML 2.0 IdP can be used with the Other IdP (SAML 2.0) option.

Before you start

  • Your Zilliz Cloud organization has at least one Dedicated (Enterprise) cluster.

  • You are the Organization Owner in the Zilliz Cloud organization where SSO is to be configured.

  • You have admin access to the IdP you plan to use.

  • Refer to your IdP’s official documentation for IdP-specific setup details.

Configuration steps

Step 1: Access service provider details in Zilliz Cloud console

  1. Log in to the Zilliz Cloud console and go to the organization for which you want to configure SSO.

  2. In the left-side navigation pane, click Settings.

  3. On the Settings page, locate the Single Sign-On (SSO) section and click Configure.

  4. In the dialog box that appears, choose Other IdP (SAML) as your IdP and protocol.

  5. In the Service Provider Details card, copy the following values:

    • SP Entity ID

    • ACS URL

These values will be required in Step 2 when creating a SAML application in your IdP.

Step 2: Create a SAML app in your IdP console

The exact process varies depending on your IdP. In general:

  1. Sign in to your IdP’s administrator console.

  2. Create a new SAML 2.0 application (sometimes called a SAML connection or integration).

  3. When prompted to provide service provider information, enter the SP Entity ID and ACS URL that you copied in Step 1.

  4. Save the application, then obtain your IdP configuration in one of the following forms:

    • Option 1 – Metadata URL/File: Most IdPs provide a downloadable XML file or a public URL containing all necessary SAML metadata.

    • Option 2 – Manual: If metadata is not available, collect the following from your IdP:

      • IdP SSO URL (the endpoint where Zilliz Cloud will send authentication requests)

      • X.509 Certificate (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines)

You will use this information in Step 3.

Step 3: Configure IdP settings in Zilliz Cloud console

  1. Return to the Zilliz Cloud console.

  2. In the Identity Provider Details card of the Configure Single Sign-On (SSO) dialog box, choose one of the following methods:

    Option 1 – Metadata URL/File

    • Paste the Metadata URL you copied from your IdP, or upload the Metadata XML file you downloaded.

    • Zilliz Cloud will automatically import the necessary IdP details, including the certificate.

    Option 2 – Manual

    • Enter the IdP SSO URL from your IdP.

    • Upload or paste the IdP signing certificate in X.509 format. Ensure it includes the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

  3. Click Save.

Post-configuration tasks

Task 1: Assign SAML app to users in your IdP

Before users can sign in via SSO, you must grant them access to the SAML app in your IdP:

  • Assign the app to specific users or groups.

  • Ensure that each assigned user’s email address matches their Zilliz Cloud account email.

Task 2: Invite users to your project

When users log in to Zilliz Cloud via SSO for the first time, they are registered as an Organization Member but have no access to any project by default.

  • The Organization Owner must invite them into the appropriate projects.

  • For step-by-step instructions on how to invite users to a project, refer to Manage Project Users.

After users have been invited to a project, the Organization Owner can share the Zilliz Cloud login URL with those enterprise users so they can sign in through SSO.

If you encounter any issues during the setup or testing process, contact Zilliz support.

FAQ

What role is assigned to users who log in via SSO for the first time?

For new users who do not already have a Zilliz Cloud account, an account is created automatically upon their first SSO login. These users are assigned the Organization Member role by default. You can modify their roles later in the Zilliz Cloud console. For detailed steps, refer to Manage Project Users.

How do users access projects after SSO login?

After logging in via SSO, users have the Organization Member role by default. To access specific projects, an Organization Owner or Project Admin must invite them to those projects. For detailed steps, see Manage Project Users.

What happens if a user already has a Zilliz Cloud account before logging in with SSO?

If the user already exists in your Zilliz Cloud organization (based on their email), they will retain their original role and permissions when logging in via SSO. The system matches users by email address and does not overwrite existing accounts.

Can I configure multiple SSO providers for the same organization?

Currently, each Zilliz Cloud organization supports only one active SAML SSO configuration at a time.