SSO in Sentry is handled in one of two ways:
- Via a middleware which handles an upstream proxy dictating the authenticated user
- Via a third-party service which implements an authentication pipeline
This documentation describes the latter, which would cover things like Google Apps, GitHub, LDAP, and other similar services.
As of version 8.0 the SSO feature is enabled by default in Sentry. That said it can be disabled with a feature switch in your
from sentry.conf.server import * # turn SSO on our off SENTRY_FEATURES['organizations:sso'] = False
Additionally you may enable advanced SSO features:
from sentry.conf.server import * SENTRY_FEATURES['organizations:sso-saml2'] = True SENTRY_FEATURES['organizations:sso-rippling'] = True
You should see an Auth subheading under your organization’s dashboard when SSO is enabled.
Installing a Provider
Sentry >= 9.1
Google Auth is bundled with Sentry. Add the following lines to
SENTRY_OPTIONS['auth-google.client-id'] = '<client id>' SENTRY_OPTIONS['auth-google.client-secret'] = '<client secret>'
GitHub is bundled with Sentry. Set the following environment variables:
Sentry < 9.1
Providers are installed the same way as extensions. Simply install them via the Python package manager (pip) and restart the Sentry services. Once done you’ll see them show up in the auth settings.
The following providers are published and maintained by the Sentry team:
At this time the API is considered unstable and subject to change. Things likely won’t change a lot, but there’s a few areas that need cleaned up.
With that in mind, if you wish to build your own, take a look at the base
Provider class as well as one of the reference implementations above.