Plus plan subscribers can opt to enable SAML for their workspace.
We currently support most identity providers (Okta, OneLogin, LastPass, Auth0, Bitum, etc.). If you don't use SAML, the Plus plan also lets you remove the "login via email" authentication option so that users in your workspace must login with Google SSO.
Once SAML is enabled, all users in your workspace will be required to login via SAML. They can login via your identity provider's website or by clicking the option to Sign in with SAML/SSO on the Linear login page. They will not be able to load Linear if they try to login with Google or email.
To enable SAML, you'll need to upgrade to the Plus plan from Settings > Workspace > Plans. If you're moving from an existing plan to the Plus plan, your current subscription will be canceled and a credit will be applied to the new Plus plan subscription.
Linear offers a self-serve SAML configuration available from Settings > Workspace > Security. From here, you can paste in an XML URL or the raw XML text to connect with your identity provider. If you're not sure where to find this in your identity provider, take a look at their documentation or reach out to us for help.
Once you have added this information, you can add approved domains for logging in with SAML. You will need to provide an email for our verification process when adding a new domain.
Once your XML data and approved domains are added, you can toggle on SAML authentication. This will disable any other login method type and there is no way to have SAML as optional once enabled. Admin members of your workspace will still be able to login using email in case SAML is causing issues and needs to be turned off.