Infisical offers Google SSO and GitHub SSO for free across both Infisical
Cloud and Infisical Self-hosted. Infisical also offers SAML SSO authentication
and OpenID Connect (OIDC) but as paid features that can be unlocked on
Infisical Cloud’s Pro tier or via enterprise license on self-hosted
instances of Infisical. On this front, we support industry-leading providers
including Okta, Azure AD, and JumpCloud; with any questions, please reach out
to team@infisical.com.
Identity providers
Infisical supports these and many other identity providers:- Google SSO
- GitHub SSO
- GitLab SSO
- Okta SAML
- Azure SAML
- JumpCloud SAML
- Keycloak SAML
- Google SAML
- Auth0 SAML
- Keycloak OIDC
- Auth0 OIDC
- General OIDC
FAQ
Why does Infisical require additional email verification for users connected via SAML?
Why does Infisical require additional email verification for users connected via SAML?
By default, Infisical Cloud is configured to not trust emails from external
identity providers to prevent any malicious account takeover attempts via
email spoofing. Accordingly, Infisical creates a new user for anyone provisioned
through an external identity provider and requires an additional email
verification step upon their first login.If you’re running a self-hosted instance of Infisical and would like it to trust emails from external identity providers,
you can configure this behavior in the Server Admin Console.