Codeium Teams now supports sign in with Single Sign-On (SSO) via SAML. If your organization uses Microsoft Entra, Okta, Google Workspaces, or some other identity provider that supports SAML, you will be able to use SSO with Codeium.
Note that Codeium only supports SP-initiated SSO; IDP-initiated SSO is NOT currently supported.
Configure IDP Application
Click on Applications on the left sidebar, and then Create App Integration
Select SAML 2.0 as the sign-in method
Set the app name as Codeium (or to any other name), and click Next
Configure the SAML settings as
- Single sign-on URL to https://auth.codeium.com/__/auth/handler
- Audience URI (SP Entity ID) to www.codeium.com
- NameID format to EmailAddress
- Application username to Email
Configure the attribute statements as following, and then click Next at the bottom
In the feedback section, select “This is an internal app that we have created”, and click Finish.
Register Okta as a SAML provider
You should be redirected to the Sign on tab under your custom SAML application. Now you’ll want to take the info in this page and fill it out in Codeium’s SSO settings.
- Open www.codeium.com/team/team_settings, and click on Configure SAML
- Copy the text after ‘Issuer’ in Okta’s application page and paste it under Idp Entity ID
- Copy the text after ‘Sign on URL’ in Okta’s application page and paste it under SSO URL
- Download the Signing Certificate and paste it under X509 certificate
- Check Enable Login with SAML and then click Save
- Test the login with the Test Login button. You should see a success message:
At this point everything should have been configured, and can now add users to the new Codeium Okta application.
You should share your organization's custom Login Portal URL with your users and ask them to sign in via that link.
Users who login to Codeium via SSO will be auto-approved into the team.
Caveats
Note that Codeium does not currently support IDP-initiated login flows.
We also do not yet support OIDC.
Troubleshooting
Login with SAML config failed: Firebase: Error (auth/operation-not-allowed)
This points to your an invalid SSO ID, or your SSO URL being incorrect, make sure it is alphanumeric and has no extra spaces or invalid characters. Please go over the steps in the guide again and make sure you use the correct values.
Login with SAML config failed: Firebase: SAML Response <Issuer> mismatch. (auth/invalid-credential)
This points to your IdP entity ID being invalid, please make sure you copy it correctly from the Okta portal, without any extra characters or spaces before or after the string.
Failed to verify the signature in samlresponse
This points to an incorrect value of your X509 certificate, please make sure you copy the correct key, and that it is formatted as:
-----BEGIN CERTIFICATE-----
value
------END CERTIFICATE------