Directory Sync
2 min read

Directory Sync

Learn how to configure Directory Sync for your Vercel Team.
Table of Contents

Directory Sync is available on Enterprise plans

Those with the owner role can access this feature

Directory Sync helps teams manage their organization membership from a third-party identity provider like Google Directory or Okta. Like SAML, Directory Sync is only available for Enterprise Teams and can only be configured by Team Owners.

When Directory Sync is configured, changes to your Directory Provider will automatically be synced with your team members. The previously existing permissions/roles will be overwritten by Directory Sync, including current user performing the sync.

Make sure that you still have the right permissions/role after configuring Directory Sync, otherwise you might lock yourself out.

All team members will receive an email detailing the change. For example, if a new user is added to your Okta directory, that user will automatically be invited to join your Vercel Team. If a user is removed, they will automatically be removed from the Vercel Team.

You can configure a mapping between your Directory Provider's groups and a Vercel Team role. For example, your Engineers group on Okta can be configured with the member role on Vercel, and your Admin group can use the owner role.

Configuring Directory Sync

To configure directory sync for your team:

  1. Ensure your team is selected in the scope selector
  2. From your team's dashboard, select the Settings tab, and then Security & Privacy
  3. Under SAML Single Sign-On, select the Configure button. This opens a dialog to guide you through configuring Directory Sync for your Team with your Directory Provider.
  4. Once you have completed the configuration walkthrough, configure how Directory Groups should map to Vercel Team roles:
    Setting the Okta Admins group as Vercel owners and the Engineers group as Vercel Members.
    Setting the Okta Admins group as Vercel owners and the Engineers group as Vercel Members.
  5. Finally, an overview of all synced members is shown. Click Confirm and Sync to complete the syncing:
    An overview of Team owners and Members that will be added.
    An overview of Team owners and Members that will be added.
  6. Once confirmed, Directory Sync will be successfully configured for your Vercel Team.

SAML Single Sign-On is optionally available on the Enterprise Plan. To enable contact sales .

Supported providers

See SAML Single Sign-On for a list of all the SAML providers that Vercel supports.

Preventing account lockout

To prevent account lockout ensure that at least one person in your team has the owner role, and that they are not removed from the team.

If access is lost due to removal of team owners, use the following group names to automatically allocate the corresponding roles to individuals in that group:

Group nameRole
vercel-role-ownerOwner
vercel-role-memberMember
vercel-role-developerDeveloper
vercel-role-billingBilling
vercel-role-viewerViewer
vercel-role-contributorContributor
Last updated on April 16, 2024
Previous
HTTPS/SSL
Next
Secure Compute