Dev Portal SSO

You can configure single sign-on (SSO) for Konnect Dev Portal with OpenID Connect (OIDC) or SAML. This allows developers to log in to Dev Portals using their identity provider (IdP) credentials without needing a separate login.

To configure SSO, navigate to Dev Portal, click your Dev Portal, and click Settings in the sidebar. Then, click the Identity tab.

When configuring SSO for Dev Portal, keep the following guidelines in mind:

• Developers are auto-approved by Konnect when using SSO to log in to the Dev Portal.
  • Kong outsources the approval process to the IdP, so access restrictions must be configured in the IdP.
• If you are using team mappings from an IdP, they must come from the same IdP as your Dev Portal SSO.
• Each Dev Portal has its own SSO configuration.
  • You can use the same IdP across multiple Dev Portals or configure different IdPs per portal.
• Dev Portal SSO is distinct from Konnect Org-level SSO.
• You can combine built-in authentication with either OIDC or SAML (not both).
  • Keep built-in authentication enabled while testing your IdP integration.
  • Disable built-in authentication only after successfully validating the SSO login flow.

Combining OIDC and SAML is not supported. Use only one protocol alongside built-in auth if needed.

To ensure the preview experience in the Konnect Dev Portal Editor works correctly, configure your IdP with the following:

• Set the Sign On URL (SSO URL) to the login path of your Dev Portal’s domain:
  https://$YOUR_DOMAIN.com/login/sso
• For SAML:
  • Set the primary Reply URL (Assertion Consumer Service URL) to:
    https://$YOUR_DOMAIN.com/api/v2/developer/authenticate/saml/acs
  • Add an additional Reply URL to support preview mode:
    https://$YOUR_SUBDOMAIN.edge.us.portal.konghq.com/api/v2/developer/authenticate/saml/acs
• Allow iframe embedding of the IdP’s sign-in screen:
  • For example, Okta requires Trusted Origins.
    Add https://cloud.konghq.com as a Trusted Origin to allow login in the preview.