Overview
Workspace security settings are managed by owners and admins. They control authentication, provisioning, and access rules for all members.Access control
- Allow Developer Login: Allow users with only the Developer role to sign in. The Developer role is automatically assigned to VCS users.
- Automatic VCS Provisioning: Automatically create and suspend tenant accounts when GitHub or GitLab members link their VCS profiles. Manually created users are not affected.
- Include Outside Collaborators: Automatically provision GitHub outside collaborators with the Developer role. These users are suspended if repository access is revoked.
Authentication
- Enforce 2FA: Require two-factor authentication for all users. Users without 2FA get a 7 day grace period before lockout.
- Custom Login Page: Enable a custom login page with additional authentication options.
- VCS Login: Allow users to sign in with GitHub or GitLab. This option appears when the custom login page is enabled.
SAML single sign-on
Configure SAML for enterprise authentication. Identity provider- IdP Entity ID
- Single Sign-On URL
- Single Logout URL (optional)
- IdP signing certificate with show or hide controls
- SP Entity ID with a regenerate control
- Assertion Consumer Service URL
- Single Logout Service URL
- Download metadata for IdP setup
- Email attribute
- Display name attribute
- Just in time provisioning toggle
- Default role for newly provisioned users
- Enforce SAML only login for this workspace
- Allow passkey fallback when the IdP is unavailable and users have passkeys
User provisioning
- SCIM provisioning: Enable SCIM for automated user provisioning and deprovisioning
- SCIM endpoint: Use the provided base URL and append
/Usersin your IdP configuration - Authentication token: Show, copy, or regenerate the token used as a Bearer token in SCIM requests
- Default role: Role assigned to newly provisioned users