Skip to main content
Single Sign-On (SSO) allows your team members to log into Meilisearch Cloud using your organization’s existing identity provider (IdP). Instead of managing separate Meilisearch credentials, users authenticate through a centralized system like Okta, Azure AD, or Google Workspace.
SSO is a Meilisearch Cloud enterprise feature. It is not available on self-hosted instances or non-enterprise Cloud plans.

Supported protocols

Meilisearch Cloud supports SAML 2.0 for SSO integration. SAML 2.0 is an industry-standard protocol supported by most identity providers, including:
  • Okta
  • Azure Active Directory (Microsoft Entra ID)
  • Google Workspace
  • OneLogin
  • Auth0
  • JumpCloud

Setup process

Step 1: Contact the Meilisearch team

SSO configuration requires coordination with the Meilisearch team. Reach out through your enterprise support channel or email support@meilisearch.com to initiate the setup process. The Meilisearch team will provide you with:
  • The Assertion Consumer Service (ACS) URL for your organization
  • The Entity ID (also called the Audience URI) for Meilisearch
  • Any additional SAML attributes required for the integration

Step 2: Configure your identity provider

In your IdP’s admin console, create a new SAML application for Meilisearch Cloud using the values provided by the Meilisearch team:
  1. Create a new SAML 2.0 application in your IdP
  2. Set the ACS URL to the value provided by Meilisearch
  3. Set the Entity ID to the value provided by Meilisearch
  4. Configure the Name ID format to emailAddress
  5. Map the following user attributes:
SAML attributeValue
emailUser’s email address
firstNameUser’s first name
lastNameUser’s last name
  1. Assign the appropriate users or groups to the application

Step 3: Provide IdP metadata to Meilisearch

After configuring the SAML application, share the following with the Meilisearch team:
  • Your IdP metadata URL (preferred) or the IdP metadata XML file
  • The IdP SSO URL (the endpoint where Meilisearch sends authentication requests)
  • The IdP certificate used to sign SAML assertions
The Meilisearch team will complete the configuration on their end and confirm when SSO is active.

Step 4: Test the SSO login flow

Before rolling out SSO to your entire team:
  1. Assign the Meilisearch application in your IdP to a test user
  2. Have the test user log in to Meilisearch Cloud using the SSO option
  3. Verify they appear in your team members list
  4. Confirm they have the correct access level
Test SSO with a non-admin account first to verify the integration works correctly before rolling it out to your entire team.

Manage team membership through your IdP

Once SSO is enabled, new team members are automatically provisioned in Meilisearch Cloud when they first log in through your IdP. To manage user access:
  • Add members: assign the Meilisearch application to new users or groups in your IdP. They are provisioned automatically on their first login.
  • Remove members: unassign the application from users in your IdP. They will no longer be able to authenticate.
  • Group-based access: use IdP groups to manage access at scale. All members of an assigned group gain access to your Meilisearch Cloud team.
Role assignment (Owner vs. Member) is still managed within the Meilisearch Cloud dashboard. Your IdP controls who can authenticate, but the Meilisearch dashboard controls their permissions. When a user is first provisioned through SSO, they are assigned the Member role by default. The team owner must manually promote them to Owner if needed.

Next steps

Manage team roles

Configure roles and permissions for team members

Teams overview

Learn more about teams and team management