We're building dev tools for implementing Enterprise SSO. You can use SSOReady to add SAML support to your product this afternoon, for free, forever. You can think of us as an open source alternative to products like Auth0 or WorkOS.
- MIT-Licensed
- Self-hosted, or free at app.ssoready.com
- Keeps you in control of your users database
- Well-documented, straightforward implementation
- Python and TypeScript/Node.js SDKs, more in development
For full documentation, check out https://ssoready.com/docs.
At a super high level, all it takes to add SAML to your product is to:
- Sign up on app.ssoready.com for free
- From your login page, call the `getRedirectUrl` endpoint when you want a user to sign in with SAML
- Your user gets redirected back to a callback page you choose, e.g. `your-app.com/ssoready-callback?saml_access_code=...`. You call `redeemSamlAccessCode` with the `saml_access_code` and log them in.
Calling the `getRedirectUrl` endpoint looks like this in TypeScript:

```typescript
// this is how you implement a "Sign in with SSO" button
const { redirectUrl } = await ssoready.saml.getSamlRedirectUrl({
  // the ID of the organization/workspace/team (whatever you call it)
  // you want to log the user into
  // (make sure your API key is assigned to the SSOREADY_API_KEY env variable
  // so SSOReady can pick it up)
  organizationExternalId: "..."
});

// redirect the user to `redirectUrl`...
```

And `redeemSamlAccessCode` looks like this:

```typescript
// this goes in your handler for POST /ssoready-callback
const { email, organizationExternalId } = await ssoready.saml.redeemSamlAccessCode({
  samlAccessCode: "saml_access_code_..."
});

// log the user in as `email` inside `organizationExternalId`...
```

Check out the quickstart for the details spelled out more concretely. The whole point of this project is to make enterprise SSO super obvious and easy.
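One way to fill in the "log the user in as `email` inside `organizationExternalId`" step, as an added example that is not SSOReady's code: the account lookup is keyed on both returned fields, so the same email address in two organizations resolves to two different accounts. `USERS`, `resolveUser`, `handleCallback` and `fakeRedeem` (an offline stand-in for `ssoready.saml.redeemSamlAccessCode`, assumed to throw on an invalid code) are hypothetical names with constructed data.

```typescript
// Added example, not SSOReady code. Types mirror the fields shown on this page.
type Redeemed = { email: string; organizationExternalId: string };
type Redeem = (req: { samlAccessCode: string }) => Promise<Redeemed>;
type User = { id: string; email: string; organizationExternalId: string };
type Result = { status: number; userId?: string };

// Constructed sample user table: the same email exists in two organizations.
const USERS: User[] = [
  { id: "u1", email: "alice@example.com", organizationExternalId: "org_a" },
  { id: "u2", email: "alice@example.com", organizationExternalId: "org_b" },
];

// Pick the account for a redeemed login. The lookup is keyed on BOTH fields:
// an identity provider configured for one organization must never be able
// to sign someone in to an account that lives in another organization.
function resolveUser(r: Redeemed, users: User[]): User | undefined {
  const email = r.email.toLowerCase();
  return users.find(
    (u) =>
      u.organizationExternalId === r.organizationExternalId &&
      u.email.toLowerCase() === email,
  );
}

// Handler body for the callback route. `redeem` stands in for
// ssoready.saml.redeemSamlAccessCode so the example runs offline.
async function handleCallback(code: string | undefined, redeem: Redeem): Promise<Result> {
  if (!code) return { status: 400 }; // no saml_access_code on the request
  let redeemed: Redeemed;
  try {
    // Redeemed server-side; the identity comes only from this response.
    redeemed = await redeem({ samlAccessCode: code });
  } catch {
    return { status: 401 }; // the code could not be redeemed
  }
  const user = resolveUser(redeemed, USERS);
  if (!user) return { status: 403 }; // no such member of that organization
  return { status: 200, userId: user.id }; // create the session for user.id here
}

// Constructed stand-in for the SDK call; assumed to throw on an invalid code.
function fakeRedeem(codes: Map<string, Redeemed>): Redeem {
  return async ({ samlAccessCode }) => {
    const r = codes.get(samlAccessCode);
    if (!r) throw new Error("invalid saml access code");
    return r;
  };
}
```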
We believe everyone that sells software to businesses should support enterprise SSO. It's a huge security win for your customers.
The biggest problem with enterprise SSO is that it's way too confusing. Most open-source SAML libraries are underdocumented messes. Every time I've tried to implement SAML, I was constantly looking for someone to just tell me what in the world I was supposed to concretely do.
We believe that more people will implement enterprise SSO if you make it obvious and secure by default. We are obsessed with giving every developer clarity and security here.
Also, we believe randomly pumping up prices on security software like this is totally unacceptable. MIT-licensing the software gives you insurance against us ever doing that. Do whatever you want with the code. Fork us if we ever misbehave.
Please feel welcome to use GitHub issues or reach out directly at [email protected]. We want to know about any bugs you encounter, any features you'd like to request, or any questions you need answered.
We take security extremely seriously. If you become aware of any potential vulnerabilities, please contact us immediately using [email protected]. You will receive a response laying out next steps within 24 hours; in most cases, you should expect an immediate response. Do not open a GitHub issue. Do not post on any forums. If you feel unsure about whether something matters, know that we will be very grateful even for a false alarm.