cursor-sso-integration
Configure SAML 2.0 and OIDC SSO for Cursor with Okta, Microsoft Entra ID, and Google Workspace. Triggers on "cursor sso", "cursor saml", "cursor oauth", "enterprise cursor auth", "cursor okta", "cursor entra", "cursor scim".
Best use case
cursor-sso-integration is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using cursor-sso-integration should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/cursor-sso-integration/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How cursor-sso-integration Compares
| Feature / Agent | cursor-sso-integration | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Configure SAML 2.0 and OIDC SSO for Cursor with Okta, Microsoft Entra ID, and Google Workspace. Triggers on "cursor sso", "cursor saml", "cursor oauth", "enterprise cursor auth", "cursor okta", "cursor entra", "cursor scim".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Cursor SSO Integration

Configure Single Sign-On for Cursor using SAML 2.0 or OIDC. Available on Business and Enterprise plans. Supports Okta, Microsoft Entra ID (Azure AD), Google Workspace, and any SAML 2.0 / OIDC compliant IdP.

## Prerequisites

- Cursor Business or Enterprise subscription
- Admin access to both Cursor organization and Identity Provider
- Verified company domain in Cursor admin dashboard
- Understanding of SAML 2.0 or OIDC concepts

## SSO Configuration: Okta

### Step 1: Create SAML Application in Okta

1. Okta Admin Console > Applications > Create App Integration
2. Select **SAML 2.0**
3. App name: "Cursor IDE"

### Step 2: Configure SAML Settings

```
Single Sign-On URL (ACS URL): https://cursor.com/api/auth/saml/callback
Audience URI (Entity ID):     https://cursor.com/api/auth/saml
Name ID format:               EmailAddress
Application username:         Email

Attribute Statements:
  email → user.email (Required)
  name  → user.firstName + " " + user.lastName (Optional)
```

### Step 3: Download IdP Metadata

After creating the app in Okta:

1. Go to the app's "Sign On" tab
2. Click "Identity Provider metadata" link
3. Save the XML file

### Step 4: Upload to Cursor

1. Cursor Admin Dashboard > SSO
2. Select "SAML 2.0"
3. Upload the IdP metadata XML (or paste the metadata URL)
4. Save configuration

### Step 5: Test

1. Open Cursor incognito
2. Sign in with your `@company.com` email
3. Should redirect to Okta login
4. After auth, return to Cursor authenticated

## SSO Configuration: Microsoft Entra ID

### Step 1: Register Enterprise Application

1. Azure Portal > Entra ID > Enterprise applications > New application
2. Create your own application > "Cursor IDE"
3. Select "Integrate any other application you don't find in the gallery (Non-gallery)"

### Step 2: Configure SAML

In the enterprise app > Single sign-on > SAML:

```
Basic SAML Configuration:
  Identifier (Entity ID): https://cursor.com/api/auth/saml
  Reply URL (ACS URL):    https://cursor.com/api/auth/saml/callback
  Sign-on URL:            https://cursor.com

Attributes & Claims:
  Unique User Identifier: user.mail
  email:                  user.mail
  name:                   user.displayname
```

### Step 3: Download Federation Metadata XML

In Entra ID app > SAML Signing Certificate > Download "Federation Metadata XML"

### Step 4: Upload to Cursor

Same as Okta Step 4: Admin Dashboard > SSO > Upload metadata.

## SSO Configuration: Google Workspace

### Step 1: Create SAML App

1. Google Admin Console > Apps > Web and mobile apps > Add app > Add custom SAML app
2. App name: "Cursor IDE"

### Step 2: Configure

```
ACS URL:        https://cursor.com/api/auth/saml/callback
Entity ID:      https://cursor.com/api/auth/saml
Name ID format: EMAIL
Name ID:        Basic Information > Primary email
```

### Step 3: Download IdP Metadata

Google provides this during app creation. Save the metadata XML.

### Step 4: Upload to Cursor

Admin Dashboard > SSO > Upload metadata.

## SCIM Provisioning (Enterprise Only)

SCIM 2.0 automatically syncs users and groups from your IdP to Cursor:

### What SCIM Handles

| Operation | Trigger | Cursor Action |
|-----------|---------|---------------|
| User created in IdP | Okta/Entra creates user | Seat assigned in Cursor |
| User deactivated in IdP | Okta/Entra deactivates | Seat revoked in Cursor |
| Group membership change | User added/removed from group | Role updated in Cursor |

### SCIM Setup (Okta Example)

1. Cursor Admin Dashboard > SCIM > Generate SCIM token
2. In Okta > Cursor app > Provisioning > Enable SCIM
3. Configure:
   ```
   SCIM connector base URL: https://cursor.com/api/scim/v2
   Unique identifier field: email
   Authentication mode:     Bearer token
   Bearer token:            [paste token from Cursor]
   ```
4. Enable: Create Users, Deactivate Users, Push Groups

## Domain Verification

Required before SSO activation:

1. Cursor Admin Dashboard > Domains > Add domain
2. Add DNS TXT record:
   ```
   Type:  TXT
   Host:  _cursor-verification
   Value: cursor-verify=xxxxxxxxxxxxxxxxxxxx
   ```
3. Wait for DNS propagation (up to 48 hours, usually minutes)
4. Click "Verify" in Cursor admin

## Rollout Strategy

### Phase 1: Pilot (1 week)

```
[ ] Configure SSO with test users only
[ ] Verify sign-in flow works end-to-end
[ ] Test: new user SSO sign-in creates Cursor account
[ ] Test: sign-out and re-sign-in preserves settings
[ ] Test: IdP session timeout triggers re-auth in Cursor
[ ] Document any issues or friction points
```

### Phase 2: Gradual Rollout (2 weeks)

```
[ ] Enable SSO for one team/department
[ ] Monitor sign-in success rate in admin dashboard
[ ] Collect feedback on the auth experience
[ ] Resolve any IdP attribute mapping issues
```

### Phase 3: Organization-Wide

```
[ ] Enable SSO requirement for all users
[ ] Disable password-based login (optional)
[ ] Enable SCIM for automatic provisioning
[ ] Set up IdP group → Cursor role mapping
[ ] Document SSO in company IT wiki
```

## Troubleshooting

| Issue | Cause | Fix |
|-------|-------|-----|
| "SAML Response Invalid" | Wrong ACS URL or Entity ID | Verify URLs match exactly |
| User not created after SSO | SCIM not enabled or email mismatch | Check SCIM logs in IdP |
| "Domain not verified" | DNS record not propagated | Wait, then re-verify |
| Redirect loop after SSO | Browser cookies corrupted | Clear cookies for cursor.com |
| SSO works but wrong role | Group mapping misconfigured | Check IdP group assignments |
| "No seat available" | All seats assigned | Purchase more seats or revoke unused |

## Enterprise Considerations

- **MFA enforcement**: Apply MFA policy at the IdP level (Okta/Entra). Cursor defers to IdP for MFA.
- **Session timeout**: Configure session lifetime in IdP. Cursor respects IdP session expiry.
- **Emergency access**: Keep one admin account with email/password login in case SSO is misconfigured
- **Compliance**: SSO provides centralized access logging at the IdP level for audit trails
- **Cost**: SSO is included in Business ($40/user/mo) and Enterprise plans. No additional SSO fee.

## Resources

- [Cursor SSO Documentation](https://docs.cursor.com/plans/business/sso)
- [Cursor Enterprise](https://cursor.com/enterprise)
- [SAML 2.0 Specification](https://docs.oasis-open.org/security/saml/v2.0/)
- [Okta SAML Guide](https://developer.okta.com/docs/guides/saml-application-setup/)