This skill configures enterprise SSO for Windsurf, enabling seamless authentication with SAML/OIDC providers and secure user management.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill windsurf-enterprise-sso

---
name: "windsurf-enterprise-sso"
description: |
  Configure enterprise SSO integration for Windsurf. Activate when users mention
  "sso configuration", "single sign-on", "enterprise authentication", "saml setup",
  or "identity provider". Handles enterprise identity integration. Use when working with windsurf enterprise sso functionality. Trigger with phrases like "windsurf enterprise sso", "windsurf sso", "windsurf".
allowed-tools: "Read,Write,Edit,Bash(cmd:*)"
version: 1.0.0
license: MIT
author: "Jeremy Longshore <[email protected]>"
---

# Windsurf Enterprise SSO

## Overview

This skill enables enterprise Single Sign-On (SSO) integration for Windsurf deployments. It supports SAML 2.0, OIDC/OAuth 2.0, and integration with major identity providers including Okta, Azure AD, and Google Workspace. Proper SSO configuration ensures secure authentication, simplified user management, and compliance with enterprise security requirements.

## Prerequisites

- Windsurf Enterprise subscription
- Organization administrator access
- Identity provider admin access
- Understanding of SAML/OIDC protocols
- Compliance requirements documented
- Certificate management capabilities

## Instructions

1. **Prepare Identity Provider**
2. **Configure Windsurf SSO**
3. **Set Up Certificates**
4. **Configure Policies**
5. **Test and Enable**


See `{baseDir}/references/implementation.md` for detailed implementation guide.

## Output

- Configured SSO integration
- User attribute mappings
- Group sync configuration
- Audit logging setup

## Error Handling

See `{baseDir}/references/errors.md` for comprehensive error handling.

## Examples

See `{baseDir}/references/examples.md` for detailed examples.

## Resources

- [Windsurf SSO Guide](https://docs.windsurf.ai/admin/sso)
- [SAML 2.0 Configuration](https://docs.windsurf.ai/admin/saml)
- [OIDC Configuration](https://docs.windsurf.ai/admin/oidc)

Overview

This skill configures enterprise Single Sign-On (SSO) integration for Windsurf deployments. It supports SAML 2.0 and OIDC/OAuth 2.0 and includes integrations for Okta, Azure AD, and Google Workspace. Use it to centralize authentication, simplify user lifecycle management, and meet enterprise security and compliance requirements.

How this skill works

The skill walks an administrator through preparing an identity provider, exchanging metadata, and applying SSO settings inside Windsurf. It also helps map user attributes, enable group synchronization, install and rotate certificates, and configure audit logging and session policies. Finally, it provides structured testing steps to validate authentication flows before enabling SSO in production.

When to use it

  • You need centralized user authentication for Windsurf in an enterprise environment
  • Migrating from local accounts to SAML or OIDC-based identity providers
  • Enforcing corporate security controls and compliance for access
  • Integrating Windsurf with Okta, Azure AD, or Google Workspace
  • Setting up group sync and attribute mappings for automated provisioning

Best practices

  • Perform configuration in a staging environment and validate with test accounts
  • Document attribute mappings and group membership rules before enabling sync
  • Use short-lived certificates and a rotation plan to reduce exposure
  • Enable audit logging and monitor sign-in and provisioning events
  • Coordinate change windows with identity provider admins and communicate to users

Example use cases

  • Configure Windsurf to use Azure AD for employee SSO and automatic group-based access
  • Set up SAML with Okta for centralized authentication and enforce MFA policies
  • Enable OIDC with Google Workspace to allow contractor access without local accounts
  • Map identity attributes to Windsurf roles to automate onboarding and offboarding
  • Validate SSO failover behavior and audit trails before fully switching production traffic

FAQ

Which protocols does this skill support?

It supports SAML 2.0 and OIDC/OAuth 2.0 for enterprise identity integration.

What prerequisites are required?

You need a Windsurf Enterprise subscription, org admin access, identity provider admin access, and basic SAML/OIDC knowledge.

Can I test SSO before enabling it for all users?

Yes. The skill recommends staging validation with test accounts and configurable test endpoints before enabling production SSO.