Good news! As part of our efforts to further secure access for users in your org, we're introducing the ability to enforce SAML-only Authentication. Plus, a bonus is that SAML is now fully self-service configurable:
With SAML-only Authentication configured, all members of your organization will no longer be able to use password-based or social-based authentication. In other words, they must use SAML when authenticating. This will ensure that they contact only your Identity Provider for authentication. If the Identity Provider says no (i.e. because the user is removed, locked out, etc.), they'll not be able to log in anymore.
You'll also be able to utilise the same page for self-service SAML configuration. Now you'll be able to enable, disable, enforce and configure SAML as and when required. You can specify either a metadata URL, where we fetch the SAML metadata from your Identity Provider automatically or provide us with the XML directly.
What's next? For this area of the application, we'd like to implement SCIM for automated off-boarding.
Note: Single Sign-On via SAML (i.e. using an external Identity Provider to authenticate users) is an Ultra tier feature. You can find out more about Ultra features on our pricing page, and if you'd like to book a chat with us, we're always happy to talk (no hard sales push).
Good news! You can now set a custom support email and URL for your organizations. For error messages when installs or setups go wrong or where we need to communicate an issue to your users, we'll now display your own support email and URL. You can configure it in your org profile settings: For example, if your users use the automated bash installs…
Good news! If you've been looking for an easy method of setting the default access for a repository across your organization, we've got you covered. Introducing repository-level default privileges: These complement the existing default org-wide repository privileges. Such that the privilege for a user is the greatest privilege granted to them via…
We've just released several awesome improvements to our Entitlements and Metrics API endpoints in our quest to strive for API nirvana. First up - at the request of many of our users, we now extended token lookup in the Entitlements API to resolve tokens by name and by token content. Historically users would have to make an API call to retrieve the…
Good news! When you're embedding version badges elsewhere, you'll probably have noticed that services like GitHub like to cache them for an excruciatingly long time*, often well beyond the lifetime of the package version itself. That changes today, along with a stylish (yes, stylish, not just style) update: Couple of things to note: The cache TTL…
Not your usual feature update, but we'll be updating our Terms of Service, effective 19th May 2021*: For all individual users, the following terms will apply, both replacing the existing terms: Individual Terms of Service Individual Privacy Policy For all organisations and organisation users, the following terms will apply, extending the above…
More account-based good news! We've surfaced the history of logins for your account: You can find the new information on your account security page, underneath the Session Management, as described previously. In addition to seeing the current sessions, the historical view of logins includes context such as the login method, Geo/IP location and det…
By submitting this form, you agree to our privacy policy
