Connect Mapbox accounts to Okta and other enterprise-grade identity solutions
By: Sunny Yang-Hicks
SAML single sign-on is now available for all Mapbox customers, enabling teams with multiple users to collaborate more securely on the platform. With SAML authentication, developers can connect their Mapbox account to an enterprise-grade identity solution like Okta, Azure Active Directory, and GSuite.
Teams with multiple users no longer have to share a password, provide full account access to all users, or change the credentials every time someone leaves the project.
Tell your IT team today
Moving to SAML authentication with your existing identity provider unlocks differentiated roles for users, and plugs Mapbox into your organization’s IT workflows for provisioning and monitoring software access. Many identity providers offer IT teams the ability to review individual user logins for each application with additional information like a timestamp and IP address. This data trail is immensely helpful for auditing, internal reviews, and more secure collaboration.
Get started with SSO
Setup takes 5 minutes from your account settings. See our SSO documentation or ask your IT team to reach out to our team for support.
SSO is working great for us. Check it out — here’s my Okta tile, I can log in just by clicking. Awesome. We’re eagerly awaiting the more advanced permissions which will allow me the peace of mind I need to provision access to almost 20 people in our organization that should have it: engineers, QA folks, and the team that leads on-call incident response here at Tableau.
— Ryan Whitley, Maps Engineering Manager at Tableau
Configure user roles
Through SAML SSO you can assign users roles that provide certain permissions for the account app. User roles are assigned in the identity provider and transferred to Mapbox in the SAML assertion. The user roles available are:
Most identity providers support role assignments for both individuals and teams. If you’re an Okta user, the notes section of their SAML2.0 for Mapbox documentation includes step-by-step instructions on setting up the user roles.
Enforce 24-hour sessions
Single sign-on is not just about convenience; it’s also about security. With SSO, Mapbox expires sessions after just 24 hours, restricting the length of time that your users can be signed in to your Mapbox account.
Enforce login via SSO
Password-based authentication will always be supported on an SSO-enabled account, but your IT admins can enforce that the rest of the organization uses SSO with the click of a button. To immediately terminate all active user sessions and force re-authentication via SSO, simply change the password on the account and then click “Activate SSO.”
Check out the docs and reach out to our support team if you have questions or feedback about the features you want to see next.
Sunny Yang-Hicks, MBA - Sr. Product Manager - Mapbox
SAML Single Sign-on (SSO) in General Availability was originally published in maps for developers on Medium.