Settings
Authentication (SSO)
Configure OIDC or SAML single sign-on for your organization.
CodeWall supports enterprise SSO via OIDC or SAML, allowing your team to sign in with your existing identity provider.
Supported protocols
OIDC (OpenID Connect)
| Field | Description |
|---|---|
| Display name | Name shown on the SSO login button |
| Issuer URL | Your IdP's OIDC issuer URL |
| Client ID | The client ID from your IdP |
| Client secret | The client secret from your IdP |
SAML
| Field | Description |
|---|---|
| Display name | Name shown on the SSO login button |
| IdP Entity ID | Your identity provider's entity ID |
| IdP SSO URL | The SSO login URL from your IdP |
| IdP X.509 Certificate | The signing certificate from your IdP |
Configuration options
JIT (Just-In-Time) provisioning
When enabled, users are automatically created in CodeWall on their first SSO login. You can set the default role for JIT-provisioned users:
- Viewer — read-only access
- Member — can create and manage tests
- Admin — full access except billing
Enforce SSO
When enabled, all users in your organization must sign in via SSO. Password-based login is disabled.
Domain verification
Before enabling SSO, verify that you own your email domain:
- Go to Settings > Authentication
- Click Add Domain and enter your domain (e.g.,
acme.com) - Add a DNS TXT record:
_codewall-verification.acme.com = codewall-verify=<token> - Click Verify once the DNS record propagates
Testing SSO
Use the Test button to verify your SSO configuration before enforcing it. This opens a test login flow without affecting existing users.