This guide covers Memfault's Single Sign-On (or SSO) offering. SSO allows users of your organization to log in using your organization's third-party identity provider. Memfault supports Google OAuth, Microsoft OAuth, and SAML-based identity providers (e.g. Okta, Azure AD, Microsoft AD).
Please contact us if you want to use a SAML-based identity provider.
- As an administrator, visit Admin > SSO to Add Connection.
- Select the identity provider you want to use:
- Google OAuth and Microsoft OAuth: Provide email domain that you use
- SAML: You'll be taken to a guided portal to configure SAML.
- Google OAuth and Microsoft OAuth: Provide email domain that you use (e.g.
- After the previous step you should end up at again Admin > SSO and
the new connection should be visible now.
- If not, press Refresh in the top right corner.
- Consider turning on the Auto-Invite setting.
- Copy the Organization Log-In Portal link at the bottom of Admin > SSO. Bookmark it and share it with your team.
When this setting is enabled, any user that signs in through the configured identity provider will be granted access to your organization. This way you don't need to manually invite users.
If you turn this setting on after a user has already attempted to log into Memfault, they might have to log out and log in again for the auto-invite to work.
When this setting is enabled, users will not be able to access any of your organization's resources, unless they have used one of your configured identity providers.
This also means that User API keys will stop working, as they can't be re-authenticated interactively. In that case, your users will need to use Organization Auth Tokens instead. Administrators can and have to revoke them as needed.
Please contact us if you want to change that setting.
Logging in with SSO
Always use the Organization Log-In Portal link (found at Admin > SSO) for the best experience. It has this structure:
When you visit your organization's log-in portal, you'll be redirected to the configured identity provider. If multiple identity providers were configured, you'll be asked which one to use. Once successfully authenticated, you'll be redirected back to Memfault.
Each organization has a unique identifier named "slug". You'll find it in most
of your project's pages in the URL behind
the following URL it would be
The login page needs this "slug" to redirect you to the correct identity provider. We strongly recommend saving a bookmark to your Organization Log-In Portal URL (which can be found on Admin > SSO) so that you don't have to remember this piece of information.