Directory Sync
Learn how to configure Directory Sync for your Vercel Team.Directory Sync helps teams manage their organization membership from a third-party identity provider like Google Directory or Okta. Like SAML, Directory Sync is only available for Enterprise Teams and can only be configured by Team Owners.
When Directory Sync is configured, changes to your Directory Provider will automatically be synced with your team members. The previously existing permissions/roles will be overwritten by Directory Sync, including current user performing the sync.
All team members will receive an email detailing the change. For example, if a new user is added to your Okta directory, that user will automatically be invited to join your Vercel Team. If a user is removed, they will automatically be removed from the Vercel Team.
You can configure a mapping between your Directory Provider's groups and a Vercel Team role. For example, your Engineers group on Okta can be configured with the member role on Vercel, and your Admin group can use the owner role.
To configure directory sync for your team:
- Ensure your team is selected in the scope selector
- From your team's dashboard, select the Settings tab, and then Security & Privacy
- Under SAML Single Sign-On, select the Configure button. This opens a dialog to guide you through configuring Directory Sync for your Team with your Directory Provider.
- Once you have completed the configuration walkthrough, configure how Directory Groups should map to Vercel Team roles:
Setting the Okta Admins group as Vercel owners and the Engineers group as Vercel Members. - Finally, an overview of all synced members is shown. Click Confirm and Sync to complete the syncing:
An overview of Team owners and Members that will be added. - Once confirmed, Directory Sync will be successfully configured for your Vercel Team.
Vercel supports the following third-party SAML providers:
- Okta
- Auth0
- Azure
- Microsoft ADFS
- PingOne
- OneLogin
- Duo
- JumpCloud
- PingFederate
- ADP
- Keycloak
- Cyberark
- OpenID
- VMware
- SAML
- LastPass
- miniOrange
- NetIQ
- Oracle Cloud
- Salesforce
- CAS
- ClassLink
- Cloudflare
- SimpleSAMLphp
To prevent account lockout ensure that at least one person in your team has the owner role, and that they are not removed from the team.
If access is lost due to removal of team owners, use the following group names to automatically allocate the corresponding roles to individuals in that group:
Was this helpful?