Authentication

Account Invitation and Registration

Swagger Contract Testing users authenticate with SmartBear ID. See the SmartBear ID Documentation to learn about the login process and options.

Regardless of how a user authenticates, all users must first be invited by a Contract Testing administrator before access is granted. See Users on User Administration. Once a user has been invited, they will receive an invitation email requesting they login or create an account.

Social Logins

Eligible plans: all

SmartBear ID supports social login access using Github, Google and Microsoft. During account registration, the user can choose their preferred login option.

SSO with SAML 2.0

Eligible plans: Enterprise

Contract Testing supports SAML 2.0 integration with a compatible Identity Provider (IdP) such as Okta, Ping, Auth0, Azure AD, OneLogin, etc.

SAML2.0 allows you to externalise the authentication and access to your Contract Testing account. Authorization and fine-grained permissions are managed within your account by an account Administrator.

We do not currently support the following:

  • Automated user deprovisioning (users will appear "active" and count toward user limits, although will not be able to login if disabled in the IdP)

  • IdP initiated login

  • Service Provider (SP) initiated logout flow

  • SCIM*

Once SAML 2.0 has been configured on a Contract Testing instance, all users for the email domain are forced to authenticate via SAML 2.0, even if they had previously registered a username/password or social login.

Troubleshooting

If you run into any issues, see SmartBear ID documentation.

In this section:
© 2025
Publication date: