Modal logo
IntroductionCustom container images Defining ImagesUsing existing container imagesFast pull from registryGPUs and other resources GPU accelerationUsing CUDA on ModalReserving CPU and memoryScaling out Scaling outInput concurrencyBatch processingJob queuesDynamic batching (beta)Multi-node clusters (beta)Deployment Apps, Functions, and entrypointsManaging deploymentsInvoking deployed functionsContinuous deploymentRunning untrusted code in FunctionsModal Sandboxes SandboxesRunning commandsNetworking and securityFile accessSnapshotsModal NotebooksSecrets and environment variables SecretsEnvironment variablesScheduling and cron jobsWeb endpoints Web endpointsStreaming endpointsWeb endpoint URLsRequest timeoutsProxy Auth TokensNetworking TunnelsProxies (beta)Cluster networkingData sharing and storage Passing local dataVolumesStoring model weightsCloud bucket mountsDictsQueuesDataset ingestionPerformance Cold start performanceMemory SnapshotHigh-performance LLM inferenceGeographic latencyReliability and robustness Failures and retriesPreemptionTimeoutsGPU healthTroubleshootingSecurity and privacyIntegrations Using OIDC to authenticate with external servicesConnecting Modal to your Datadog accountConnecting Modal to your OpenTelemetry providerOkta SSOCustom SAML SSOSlack notifications (beta)Workspace & account settings WorkspacesEnvironmentsModal user account setupService usersBillingOther topics JavaScript/Go SDKsModal 1.0 migration guideFile and project structureDeveloping and debuggingDeveloping Modal code with LLMsJupyter notebooksAsynchronous API usageGlobal variablesRegion selectionContainer lifecycle hooksParametrized functionsS3 Gateway endpointsGPU Metrics

Custom SAML SSO

If you use an identity provider (IdP) other than Okta, you can configure custom SAML SSO for your Modal workspace.

For Okta-specific setup, see our Okta SSO documentation.

Prerequisites 

  • A Workspace that’s on an Enterprise plan
  • Admin access to the Workspace you want to configure with SSO
  • Admin privileges for your identity provider

Supported features 

  • Identity Provider (IdP) initiated SSO
  • Service Provider (SP) initiated SSO
  • Just-In-Time account provisioning

Configuration 

Configure your IdP with the following settings:

SettingValue
Entity IDhttps://www.modal.com
ACS URLhttps://modal.com/api/okta/saml/sso/<workspace>

Replace <workspace> with your Modal Workspace name.

Required SAML attributes 

Your IdP must send the following SAML attributes:

AttributeDescription
emailUser’s email address
firstNameUser’s first name
lastNameUser’s last name

Configuration steps 

Step 1: Configure your IdP 

  1. Create a new SAML application in your identity provider
  2. Set the Entity ID to https://www.modal.com
  3. Set the ACS URL to https://modal.com/api/okta/saml/sso/<workspace> (replace <workspace> with your Workspace name)
  4. Configure the required SAML attributes (email, firstName, lastName)
  5. Ensure your IdP signs SAML assertions
  1. Obtain the SAML Metadata URL from your IdP
  2. Sign in to https://modal.com and visit your Workspace Management page’s Identity and Provisioning tab
  3. Paste the Metadata URL in the input and click “Save Changes”

Step 3: Test the integration 

  1. Assign users in your IdP
  2. Test IdP-initiated SSO by clicking the Modal application in your IdP dashboard
  3. Test SP-initiated SSO by visiting the login URL below

Step 4: Read this before you enable “Require SSO” 

Enabling “Require SSO” will force all users to sign in via SSO. Ensure that you have admin access to your Modal Workspace through your identity provider before enabling.

Login URL 

This URL can be used so that users can sign-in to the correct workspace from your IdP.

https://modal.com/login/sso?workspace=<workspace> (replace <workspace> with your workspace name)