Organization Settings

General Settings#

General settings determine the options available to your users when they create their Sauce Labs accounts.

To access General settings:

  1. In Sauce Labs, click Account and then click Team Management.
Team management navigation
  1. On the Organization Management page, in the Organization Settings section, click View Settings.
View settings
  1. On the General tab, you have the following option:
OptionDescription
Require Full Name for UsersWith this option enabled, users must enter both a first name and a last name when creating their accounts.

Security Settings#

Sauce Labs security settings allow organization admins to manage how users in their enterprise can run tests.

To access Security settings:

  1. In Sauce Labs, click Account and then click Team Management.
  2. On the Organization Management page, in the Organization Settings section, click View Settings.
View settings
  1. On the Security tab, you have the following options:
OptionDescription
Require Sauce Connect Proxy/VPN

Sauce Connect Proxy and IPSec VPN provide a secure connection between the Sauce Labs cloud and applications under test that are typically behind a firewall or on a local machine.

When this option is set to Enabled:
  • All network traffic from virtual platforms (browsers, emulators, and simulators) MUST go through a Sauce Connect Proxy or IPSec VPN tunnel.
  • No network traffic can occur outside the tunnel, unless intentionally directed by the user (i.e., exceptions for specific domains can be made with certain Sauce Connect Proxy commands).
  • If no Sauce Connect Proxy or IPSec VPN tunnels are available, all tests on virtual browsers, emulators, and simulators will fail.
This feature is disabled by default.

NOTE: This setting DOES NOT apply to the Headless (US-East-1) Data Center.
Require Sauce Connect Proxy/VPN

With this setting, which must be configured by Sauce Labs Support on the back end:
  • All network traffic accessed by private real device browsers during your tests MUST go through a Sauce Connect Proxy or IPSec VPN tunnel. Otherwise, they will be blocked from accessing the public internet directly.
  • Private real devices will be placed on a special wi-fi network that blocks all network traffic except websites compliant with your network.
  • Restriction will be applied to private real devices only (i.e., it won't affect tests on public devices or devices that use SIM cards).
  • If no Sauce Connect Proxy or IPSec VPN tunnels are available, private real devices will not have network connectivity; all tests on those devices will fail.
This is a static setting that cannot be changed programmatically by organization admins or users. If you’re interested in this configuration, contact your Sauce Labs CSM and they will help you get set up.
Allow Only Organization Admins to Start Sauce Connect Proxy TunnelsWhen this option is set to Enabled, all users except organization admins will be prevented from starting new Sauce Connect Proxy tunnels. Users would need to run tests using existing, shared Sauce Connect Proxy tunnels.

This feature is disabled by default.
Enable Sauce Connect Proxy/VPN for Public Cloud Devices

When this option is set to Enabled:
  • Your entire organization will be able to run live and automated public cloud real device tests, but they MUST go through a Sauce Connect Proxy or IPSec VPN tunnel.
  • If a user tries to run an automated test without Sauce Connect Proxy or IPSec VPN, they'll see an error indicating that there was a failure obtaining a device for their script and the test will fail.
  • If a user tries to run a live test without Sauce Connect Proxy or IPSec VPN, they will see an error indicating that they do not have access to public devices and the test will fail.
  • If no Sauce Connect Proxy or IPSec VPN tunnels are available, all test attempts on public cloud devices will fail.
  • Each time a user initiates a test on a public real device, they'll see a banner that will prompt them to read and agree to risk advisory terms to proceed with testing.
This feature is disabled by default. Once you toggle the option to Enabled, you'll see the change go into effect in about five minutes. Switching back to Disabled will take about one hour to propagate.
Enable Job Visibility Across TeamsWhen this option is set to Enabled, users across teams will be able to see jobs and builds from all other teams in your organization. If disabled, this option will prevent such cross-team visibility.

This feature is enabled by default.
Logout URLThis option allows you to run custom processes after the user logs out. You can define a secure https:// URL to redirect the user to that URL on logout or if a session times out. If this field is empty, users will be redirected to the default login page.
Should you decide to use this, you must enter a URL starting with HTTPS (HTTP will not work).
Reset All Access KeysAll users have a unique access key that they use to authenticate to Sauce Labs, which is usually integrated into their test scripts. Clicking Reset All Access Keys will invalidate all access keys for your organization, and require users to update their tests scripts with new access keys.

NOTE: If a user attempts to run a script containing an invalidated access key, the test and any build that contains it will fail. You should only click Reset All Access Keys in the event of a major security issue.

Single Sign-On Settings#

When you set up SSO with Sauce Labs, you are establishing a connection between the IdP used by your organization, such as Okta or Microsoft's Active Directory, and your Sauce Labs account, that will enable users to log in to Sauce Labs with their IdP credentials.

NOTE: For more detailed information about setting up SSO, see Setting Up Single Sign-On.

  1. In Sauce Labs, click Account and then click Team Management.
  2. On the Organization Management page, in the Organization Settings section, click View Settings.
View settings
  1. On the Organization Settings page, click the Single Sign-On tab.
SSO Settings tab
  1. Enter a unique identifier string. The string will be applied to user names to make sure that your users will have unique names associated with your account.
  2. Upload the SAML metadata file provided by your IdP that contains the list of your SSO users. Sauce Labs SSO supports most SAML 2.0 metadata files. For more information about specific IdPs, see Configuring Active Directory Federation Services (AD FS) and Configuring Okta.
  3. Under Enable Single Sign On, toggle the switch to Enabled. For more information about adding new users and SSO considerations, see Adding and Deactivating Users.

NOTE: If the account you're setting up with SSO is not the only account your organization has with Sauce, the EntityID field must be unique for each account, otherwise the setup will fail. The EntityID field is a simple string that can be changed manually in the metadata file prior to upload. If users are added to your IdP after you've set up SSO with Sauce Labs, then Sauce Labs accounts will be created for them the first time they attempt to log in using their SSO credentials.

SSO Advanced Options#

OptionDescription
Default Team PlacementAssign SSO users to a default team when they are added to Sauce Labs.
Require SSO Login (Recommended)Enabling this option will require users to log in to Sauce Labs using their SSO credentials, even if they already have individual Sauce Labs accounts. These users can run test automation using credentials. For more information about adding new users and SSO considerations, see Adding and Deactivating Users.
Last updated on by Laura Thomas