3 min readUpdated April 20, 2026
Available methods
- Email + password (all plans).
- Google Workspace (all plans).
- Microsoft Entra ID / Office 365 (Professional and above).
- SAML 2.0 — Okta, JumpCloud, OneLogin, generic SAML (Business plan).
Setting up SAML
- 1Settings → Security → SSO → SAML.
- 2Copy the ACS URL and Entity ID into your identity provider's app.
- 3Download the IdP metadata XML and paste it back into Vibeshift.
- 4Test with your own account before enforcing.
- 5Enable 'Require SSO for this domain' to block password logins for your company's email domain.
Role mapping
By default everyone provisioned via SSO becomes an Employee. To auto-map managers and admins, configure attribute-based role mapping in Settings → Security → SSO → Role mapping. Supported attributes are 'role' and 'department' on the SAML assertion.
SCIM provisioning is not yet generally available. If you need automatic deprovisioning when someone leaves your IdP, email info@bearacle.com — we're onboarding design partners.
Was this article helpful, or missing something? Email info@bearacle.com or open a ticket.