Skip to main content

Single Sign-On (SSO)

This guide covers Memfault's Single Sign-On (or SSO) offering. SSO allows users of your organization to log in using your organization's third-party identity provider. Memfault supports Google OAuth and SAML-based identity providers (e.g. Okta, Azure AD).


Please contact us if you want to use a SAML-based identity provider.

Enabling SSO

  1. As an Organization Admin, visit Admin → SSO to Add Connection.
  2. Select the identity provider you want to use:
    • Google OAuth: Provide email domain that you use (e.g. for
    • SAML: You'll be taken to a guided portal to configure SAML.
  3. After the previous step you should end up at again Admin → SSO and the new connection should be visible now.
    • If not, press Refresh in the top right corner.
  4. Consider turning on the Auto-Invite setting.
  5. Copy the Organization Log-In Portal link at the bottom of Admin → SSO. Bookmark it and share it with your team.

SSO Settings


When this setting is enabled, any user that signs in through the configured identity provider will be granted access to your organization. This way you don't need to manually invite users.

If you turn this setting on after a user has already attempted to log into Memfault, they might have to log out and log in again for the auto-invite to work.

Require SSO

When this setting is enabled, users will not be able to access any of your organization's resources, unless they have used one of your configured identity providers.

This also means that User API keys will stop working, as they can't be re-authenticated interactively. In that case, your users will need to use Organization Auth Tokens instead. Organization Admins can and have to revoke them as needed.

Please contact us if you want to change that setting.

Logging in with SSO

Always use the Organization Log-In Portal link (found at Admin → SSO) for the best experience. It has this structure:

When you visit your organization's log-in portal, you'll be redirected to the configured identity provider. If multiple identity providers were configured, you'll be asked which one to use. Once successfully authenticated, you'll be redirected back to Memfault.


What is the Organization Slug?

Each organization has a unique identifier named "slug". You'll find it in most of your project's pages in the URL behind organizations/ and /projects. In the following URL it would be acme:

The login page needs this "slug" to redirect you to the correct identity provider. We strongly recommend saving a bookmark to your Organization Log-In Portal URL (which can be found on Admin → SSO) so that you don't have to remember this piece of information.