Single Sign-On (SSO)

Tidelift supports a number of single sign-on methods in addition to username and password authentication.

SAML

Tidelift allows customers on the Enterprise plan to set up authentication via SAML. When using SAML for SSO, all signups and logins for your domain must be through SSO. To set up a SAML connection for your enterprise, contact us at support@tidelift.com to begin the setup process.

⚠️ Note: We do not support IdP-initiated login

SAML configuration options:

• Domain-wide SSO login
  With this option, we enable SSO for all users within your organization. Users must join the organization before they can log in. Users can be invited to join your organization by an org admin, and must accept the invite before they can log in with SSO. 
  
  Please note that this is enabled by domain. For example - if we configure this for user@yourcompany.com, users with an email address domain other than @yourcompany.com will not have access. Please reach out to our Support team to request SSO access for additional users or domains. 
  
  
• User auto-join
  This option can be enabled in addition to domain-wide SSO login. In this case, users do not have to be invited to your Tidelift organization to join. Any user who does not already belong to your organization will have a user account automatically created when they authenticate with SSO for the first time.

Sign in with Google

Tidelift allows users to sign up and log in with their Google credentials via OAuth2. We require (read-only) access to basic profile information about the user.

Sign in with GitHub

Tidelift allows users to sign up and log in with their GitHub credentials via OAuth2. We require (read-only) access to profile information including your email address as well as information about the organizations and teams that you have access to. Note that teams which are using our GitHub app are required to log in via GitHub, as we use GitHub's repository permissions to decide which GitHub repositories a user can access.