Skip to main content

Using single sign-on with SAML (Legacy)

note

Veracode recommends the new Single Sign-on and Just-In-Time Provisioning feature for new accounts. If you are using the new feature, see Using Single Sign-On with SAML.

You can enable users in your organization to use single sign-on and configure SAML access for users.

Important

When you set the login type in the Veracode Platform to SAML, you cannot change it back to the password login type. Also, to prevent being completely locked out of Veracode if your SAML environment becomes inaccessible, Veracode recommends that your organization creates at least one user with the Administrator role that logs in with a username and password.

The Veracode Platform supports single sign-on (SSO) using the SAML 2.0 standard. To enable SAML on the Veracode Platform for your organization, you must request it in an email to Veracode Technical Support at [email protected]. After enabling their organization to use SSO with SAML, Veracode users with the Administrator role can configure their organization account and user accounts for single sign-on. Required information for configuring the organization identity provider to work with Veracode is also provided.

After you enable SAML single sign-on, you can take advantage of other capabilities, such as SAML-based user self-registration.

What is SAML?

SAML (Security Assertion Markup Language) is an open standard for performing single sign-on across security domains, for example, from an organization to a cloud service such as Veracode. SSO with SAML usually works as follows:

  1. You click a link to Veracode on your corporate intranet site.
  2. Browser forwards a SAML assertion to Veracode. The assertion is a digitally-signed XML document that attests to your identity.
  3. Veracode checks the validity of the assertion by verifying the digital signature and the expiration date, then compares the information in the assertion to the list of users in the organization account.
  4. If the assertion is valid and you match a known Veracode user, you continue to the Veracode Platform.

Veracode has implemented the portions of the SAML standard that manage authentication. Veracode must still provision your account before you can use the service. The best way to automate provisioning for large numbers of users is to leverage the Admin API.

For more information about SAML, see these websites: