Skip to content
Last updated on June 7, 2023
3 min read

Directory Sync

Learn how to configure Directory Sync for your Vercel Team.

Directory Sync is available on Enterprise plans

Those with the owner role can access this feature

Directory Sync helps teams manage their organization membership from a third-party identity provider like Google Directory or Okta. Like SAML, Directory Sync is only available for Enterprise Teams and can only be configured by Team Owners.

When Directory Sync is configured, changes to your Directory Provider will automatically be synced with your team members. The previously existing permissions/roles will be overwritten by Directory Sync, including current user performing the sync.

Note: Make sure that you still have the right permissions/role after configuring Directory Sync, otherwise you might lock yourself out.

All team members will receive an email detailing the change. For example, if a new user is added to your Okta directory, that user will automatically be invited to join your Vercel Team. If a user is removed, they will automatically be removed from the Vercel Team.

You can configure a mapping between your Directory Provider's groups and a Vercel Team role. For example, your Engineers group on Okta can be configured with the member role on Vercel, and your Admin group can use the owner role.

Configuring Directory Sync

Go to the Team's Security settings from the top header. Here, you can configure Directory Sync for your Team. Clicking "Configure" will open a walkthrough that helps you configure Directory Sync for your Team with your Directory Provider.

After completing the steps of the configuration walkthrough, configure how Directory Groups should map to Vercel Team roles:

Setting the Okta Admins group as Vercel owners and the Engineers group as Vercel Members.
Setting the Okta Admins group as Vercel owners and the Engineers group as Vercel Members.
Setting the Okta Admins group as Vercel owners and the Engineers group as Vercel Members.

Finally, an overview of all synced members is shown before you complete the syncing:

An overview of Team owners and Members that will be added.
An overview of Team owners and Members that will be added.
An overview of Team owners and Members that will be added.

Once confirmed, Directory Sync will be successfully configured for your Vercel Team.

Note: SAML Single Sign-On is optionally available on the Enterprise Plan. To enable contact sales.

Supported providers

Vercel supports the following third-party SAML providers:

Preventing account lockout

To prevent account lockout ensure that at least one person in your team has the owner role, and that they are not removed from the team.

If access is lost due to removal of team owners, use the following group names to automatically allocate the corresponding roles to individuals in that group:

Group name
Role
vercel-role-owner
vercel-role-member
vercel-role-developer
vercel-role-billing
vercel-role-viewer