Single Sign-On (SSO) with SAML

Browserbase supports SAML 2.0-based Single Sign-On (SSO) so your team can log in with your corporate identity provider (IdP).
This guide walks you through the setup process.
SSO is available only to Enterprise Plans. Please get in touch with our team to enable SSO on your Browserbase account.

Supported Identity Providers

Any SAML 2.0-compliant IdP is supported, including:
  • Okta Workforce
  • Microsoft Entra ID (formerly Azure AD)
  • Google Workspace (SAML)
  • Custom SAML providers

How Setup Works

SSO setup involves coordination between your IT team and Browserbase support. Here’s the process: Example: Acme Corp wants to enable Okta SSO for their Browserbase organization.

Step 1: Your IT Team Shares IdP Configuration

Your IT administrator sends the following details from your identity provider to support@browserbase.com:
  • Sign-on URL (SSO URL) - Where Browserbase redirects users for authentication
  • Entity ID / Issuer - Your IdP’s unique identifier
  • X.509 Signing Certificate - Used to verify SAML assertions

Step 2: Browserbase Provides Service Provider Details

The Browserbase team responds with configuration values your IT team needs:
  • Assertion Consumer Service (ACS) URL - Where your IdP sends authentication responses
  • Entity ID (Audience URI) - Browserbase’s unique identifier
  • Metadata URL - Complete SAML configuration (preferred method)

Step 3: Your IT Team Configures the SAML Application

Your administrator creates a new SAML application in your IdP (e.g., Okta, Azure AD) using the Browserbase SP details.

Step 4: Joint Testing

Both teams coordinate to test the login flow and verify that user attributes are mapped correctly.

Step 5: Browserbase Enables SSO

Once testing is successful, the Browserbase team enables SSO for your organization.

Required Attributes

Browserbase requires the following attributes in the SAML assertion:
  • User ID – A stable, unique identifier for the user (e.g., Okta user.id)
  • Email Address – The user’s email (e.g., Okta user.email)
  • First Name – The user’s given name (e.g., Okta user.firstName)
  • Last Name – The user’s surname (e.g., Okta user.lastName)
Your IdP may expose these as NameID, attribute statements, or claims. Please ensure the values are passed consistently to Browserbase.

Testing

  • SP-initiated login (recommended)
    Start from the Browserbase login page → redirected to your IdP → redirected back after successful authentication.

Next Steps

  1. Collect your IdP configuration values.
  2. Share them with Browserbase at support@browserbase.com.
  3. Our team will reply with the Browserbase SP details.
  4. Together we’ll test and finalize the integration.
Once complete, your users can securely log in to Browserbase with SSO.