Ghost supports single sign-on (SSO) with any SAML 2.0 or OIDC-compliant platform.

SAML

Required setup

To create your SAML integration, follow these steps:

1. Domain

Let the Ghost team know your company domain, e.g. company.com.

2. SAML Settings

The Ghost team will provide you with a unique SSO URL and Entity ID.

The SSO URL will be in a format like https://app.ghostsecurity.ai/auth/saml/acs/<UUID>. Depending on your platform, this may also be referred to as the Assertion Consumer Service URL or ACS URL.

The Entity ID will be in a format like https://app.ghostsecurity.ai/auth/saml/metadata/<UUID>. Depending on your platform, this may also be referred to as the Audience URI.

Enter these values when configuring your SAML application for Ghost.

3. Constraints

Next, set the Name ID and Application username values.

Set the Name ID format to: EmailAddress

Set the Application username to: Email

Optionally, set the name and role attributes:

1. Name

Set the name attribute to user.firstName.

2. Role

Set the role attribute to user.ghost_role.

Final setup

1. Metadata URL

Provide the Metadata URL generated by your IdP to the Ghost team. It will be a URL in a format like https://<idp-provider>.com/app/yourappid/sso/saml/metadata.

2. Assign users

Assign the appropriate users to your SAML application so they can log in to the Ghost platform.
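
A pre-flight check for the SAML settings above, as an added example that is not Ghost's own code: it inspects an assertion preview exported from your IdP and reports mismatches with the SSO URL, Entity ID, Name ID format and optional attributes. The all-zero UUID, the sample assertion and the attribute names name and role (read from the steps above) are assumptions, and the check does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_assertion(xml_text, acs_url, entity_id):
    """Return mismatches between an IdP preview assertion and the Ghost settings."""
    root = ET.fromstring(xml_text)  # input is your own IdP's preview, not untrusted XML
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID format is not EmailAddress")
        if "@" not in (name_id.text or ""):
            problems.append("NameID value is not an email address")
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient does not match the SSO (ACS) URL")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not match the Entity ID")
    sent = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for optional in ("name", "role"):  # assumed attribute names, see lead-in
        if optional not in sent:
            problems.append(f"optional attribute '{optional}' not sent")
    return problems

# Constructed values: placeholder UUID in the URL formats the page describes.
ACS = "https://app.ghostsecurity.ai/auth/saml/acs/00000000-0000-0000-0000-000000000000"
ENTITY = "https://app.ghostsecurity.ai/auth/saml/metadata/00000000-0000-0000-0000-000000000000"

# Constructed assertion with a wrong Name ID format and no role attribute.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
    <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS}"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{ENTITY}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print("\n".join(check_assertion(SAMPLE, ACS, ENTITY)) or "assertion matches settings")
```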

OIDC

Coming soon.