Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Osso is a source available microservice for adding SAML based SSO to your app. Deploy Osso to your infrastructure of choice, use the Osso Admin UI or osso-react to configure SAML for your customers that demand it, and sign them in to your application using OAuth with one of our OAuth client libraries, omniauth-osso or passport-osso.

Build status

Build status

Build status

Build status

Build status


  • Treat SAML like OAuth: SAML is clunky, and you're probably already using OAuth. Osso provides an OAuth server, an Admin UI for managing OAuth clients, and OAuth client libraries for Ruby and NodeJS. Let Osso worry about the ugly SAML bits and customer configuration while your team focuses on your core application.

  • SAML Config in Osso's UI or yours: For every customer who demands SAML SSO, you'll need to go through a multistep process of creating a secure handshake between Osso and the customer's SAML provider. Get started quickly by configuring your customers' SAML providers in the Osso Admin UI, or allow your customers to perform configuration themselves in your UI with hooks and components from our React library osso-react.

  • Docs for everyone: SAML is an open specification, but each Identity Provider uses specific terminology and offers their own workflows for adding a new application. Osso generates PDF documentation with the data your customer needs to configure your app in any provider, and provides thorough documentation for your team who integrates and manages your Osso instance.

Get Started


The fastest way to get started is to deploy to Heroku. Heroku will deploy your app, generating required ENV variables, and boostrapping your instance's database.


We also offer paid hosted plans that can reduce the integration workload on your development team.

Git-based deploys are another recommended way to deploy and maintain your own Osso instance. Updates will primarily be made in osso-rb and osso-react, libraries that provide the core functionality, so be sure to stay on top of updates.

Consume OAuth

When a user wants to sign in to your application with SAML, send them to Osso with their email domain as part of an OAuth 2.0 authorization flow. Osso routes the user to their SAML provider, normalizes the payload, and sends them back to your application to complete the OAuth flow.

Use omniauth-osso or passport-osso for more convenience.


Osso's primary documentation is at Key sections include:

  • Overview - Learn about Single Sign-On and SAML, why your customers want it and how to integrate it using Osso.
  • Quick start - A brief overview of a typical timeline for integrating Osso.
  • Deployment - Guides for deploying Osso to Heroku, via git or Docker, plus how to keep your instance up to date.
  • OAuth Setup - Authenticating SAML users to your application via OAuth.
  • Using Osso - A walk-through of the main functionality in our Admin UI.


We'd be thrilled to receive community contributions, but please note that Osso is owned and managed by a for-profit company, EnterpriseOSS, and you will not be compensated for your contributions. The goal of the project is to provide boilerplate code that you can evaluate to be certain you're confident running it in production, lowering the cost of adding better security for your customers while staying off of the SSO Wall of Shame.

Open Source

Osso is developed and maintained by EntepriseOSS with a Business Source License. BSL is used by companies like Sentry and MariaDB. While not technically an open source license according to OSI, you are only prohibited from using Osso to compete with hosted Osso plans offered by EnterpriseOSS. See the full license text.


A Ruby OAuth microservice for SAML based authentication



Code of conduct





No releases published


No packages published