Configure SSO and enterprise authentication in Cursor. Triggers on "cursor sso",
"cursor saml", "cursor oauth", "enterprise cursor auth", "cursor okta". Use when working with cursor sso integration functionality. Trigger with phrases like "cursor sso integration", "cursor integration", "cursor".
Configure Single Sign-On for Cursor using SAML 2.0 or OIDC. Available on Business and Enterprise plans. Supports Okta, Microsoft Entra ID (Azure AD), Google Workspace, and any SAML 2.0 / OIDC compliant IdP.
Prerequisites
Cursor Business or Enterprise subscription
Admin access to both Cursor organization and Identity Provider
In Entra ID app > SAML Signing Certificate > Download "Federation Metadata XML"
Step 4: Upload to Cursor
Same as Okta Step 4: Admin Dashboard > SSO > Upload metadata.
SSO Configuration: Google Workspace
Step 1: Create SAML App
Google Admin Console > Apps > Web and mobile apps > Add app > Add custom SAML app
App name: "Cursor IDE"
Step 2: Configure
ACS URL: https://cursor.com/api/auth/saml/callback
Entity ID: https://cursor.com/api/auth/saml
Name ID format: EMAIL
Name ID: Basic Information > Primary email
Step 3: Download IdP Metadata
Google provides this during app creation. Save the metadata XML.
Step 4: Upload to Cursor
Admin Dashboard > SSO > Upload metadata.
SCIM Provisioning (Enterprise Only)
SCIM 2.0 automatically syncs users and groups from your IdP to Cursor:
Wait for DNS propagation (up to 48 hours, usually minutes)
Click "Verify" in Cursor admin
Rollout Strategy
Phase 1: Pilot (1 week)
[ ] Configure SSO with test users only
[ ] Verify sign-in flow works end-to-end
[ ] Test: new user SSO sign-in creates Cursor account
[ ] Test: sign-out and re-sign-in preserves settings
[ ] Test: IdP session timeout triggers re-auth in Cursor
[ ] Document any issues or friction points
Phase 2: Gradual Rollout (2 weeks)
[ ] Enable SSO for one team/department
[ ] Monitor sign-in success rate in admin dashboard
[ ] Collect feedback on the auth experience
[ ] Resolve any IdP attribute mapping issues
Phase 3: Organization-Wide
[ ] Enable SSO requirement for all users
[ ] Disable password-based login (optional)
[ ] Enable SCIM for automatic provisioning
[ ] Set up IdP group → Cursor role mapping
[ ] Document SSO in company IT wiki
Troubleshooting
Issue
Cause
Fix
"SAML Response Invalid"
Wrong ACS URL or Entity ID
Verify URLs match exactly
User not created after SSO
SCIM not enabled or email mismatch
Check SCIM logs in IdP
"Domain not verified"
DNS record not propagated
Wait, then re-verify
Redirect loop after SSO
Browser cookies corrupted
Clear cookies for cursor.com
SSO works but wrong role
Group mapping misconfigured
Check IdP group assignments
"No seat available"
All seats assigned
Purchase more seats or revoke unused
Enterprise Considerations
MFA enforcement: Apply MFA policy at the IdP level (Okta/Entra). Cursor defers to IdP for MFA.