Sign in a user through SSO
Attempts a single-sign on using an enterprise Identity Provider. A successful SSO attempt will redirect the current page to the identity provider authorization page. The redirect URL is implementation and SSO protocol specific.
- Before you can call this method you need to establish a connection to an identity provider. Use the CLI commands to do this.
- If you've associated an email domain to the identity provider, you can use the
domain
property to start a sign-in flow. - In case you need to use a different way to start the authentication flow with an identity provider, you can use the
providerId
property. For example:- Mapping specific user email addresses with an identity provider.
- Using different hints to identity the identity provider to be used by the user, like a company-specific page, IP address or other tracking information.
Parameters
params
REQUIRED
SignInWithSSOproviderId
Optional
stringUUID of the SSO provider. One of `providerId` or `domain` is required.
domain
Optional
stringDomain name of the organization to use SSO with. One of `providerId` or `domain` is required.
options
Optional
objectredirectTo
REQUIRED
stringThe URL to redirect the user to after they have signed in. Must be a configured redirect URL for your Supabase instance.
captchaToken
REQUIRED
string
// You can extract the user's email domain and use it to trigger the
// authentication flow with the correct identity provider.
const { data, error } = await supabase.auth.signInWithSSO({
domain: 'company.com'
})
if (data?.url) {
// redirect the user to the identity provider's authentication flow
window.location.href = data.url
}