Symptoms:
- I want to use Single Sign-On for my Unity organization, but I can't find the option to enable it.
- How do I enable SSO for my domain?
- Can I disable SSO for my domain?
Cause:
Single Sign-On (SSO) is a service offered within the Unity Cloud Platform. SSO is only available for organizations with an active Unity Enterprise or Unity Industry subscription.
Resolution:
Provided your Unity organization has an active Unity Enterprise or Unity Industry subscription, you can contact your Partner Advisor/Partner Relations Manager to enable this feature in the Unity Cloud Platform.
After SSO is enabled, follow the steps below to configure SSO for your Unity organization.
Prerequisites
Unity SSO uses the Security Assertion Markup Language (SAML) 2.0 protocol. Before you can configure SSO for your Unity organization, you must first create a SAML application in your Identity Provider (IdP) service.
Unity SSO supports the following IdPs:
- Okta
- Azure AD
- Active Directory Federation Service (ADFS)
- Google Workspace
To create a SAML application in your IdP service, follow these steps:
- Go to your Unity organization's IdP portal and create a new SAML 2.0 connector.
- Go to Single Sign-On on your Unity Dashboard and copy the values for Entity ID, Login (Assertion Consumer Service) URL, and Certificate.
- In the IdP portal, configure and pass on the Email attribute by entering the Unity values you just copied.
- Generate the following metadata parameters from your SAML 2.0 connector:
  - Entity ID, which identifies the IdP you're using. This parameter might also be called Identity Provider Issuer or Issuer URL.
  - SSO Login URL, which is the IdP login URL.
  - X.509, which is the IdP certificate.
Configure SSO for your organization
- Navigate to cloud.unity3d.com and sign in using your Unity ID if prompted.
- Select Administration from the left sidebar.
- Select Single sign on.
- Select Edit information.
- Enter the IdP metadata parameters you generated in the Prerequisites stage of this article and save your changes.
Enable SSO for specific domains
To enable SSO for specific domains, follow these steps:
- Navigate to cloud.unity3d.com and sign in using your Unity ID if prompted.
- Select Administration from the left sidebar.
- Select Single sign on.
- Select Add domain.
- Enter the domain you want to enable SSO for. For example, unity.com for users@unity.com email addresses.
- Select Add and validate.
- Copy the TXT record value from the domain information window and add it to the header of your domain. This validates your ownership of the domain.
- Select Validate.
You can repeat this process to enable SSO for other domains. Once a domain is validated, it can't be claimed by another Unity organization until you delete the record from your SSO configuration.
Note: It can take up to 48 hours for Unity to validate your domain.
Disable SSO for specific domains
To disable SSO for a specific domain, follow these steps:
- Navigate to cloud.unity3d.com and sign in using your Unity ID if prompted.
- Select Administration from the left sidebar.
- Select Single sign on.
- Select the delete icon to the right of the domain you want to remove.
- Select Confirm to delete the domain record from your SSO configuration.
Known limitations
The following are known limitations of Unity's SSO integration:
- When you log in using SSO, you are automatically assigned to the Unity organization that the SSO was configured for. You can switch Unity organizations after logging in, and you still maintain access to other Unity organizations that you belong to.
- When you create a Unity ID account through SSO, your account is created without a personal organization. To be able to create new projects, you must manually create your own personal organization.
- When you create a Unity ID account through SSO, your account is created without a password. To set a password, you must select Forgot your password? from the login page and reset your password.
- SSO is not enforced by default.