Learn how your enterprise organization can use your identity provider to manage Expo users on your team.
Single Sign-On (SSO) is available for Enterprise plan customers.
To get started, prepare your identity provider (IdP) for Expo SSO and gather information by following the configuration guide for your IdP below. Once you have done this, an owner of your Organization can follow instructions to enable SSO.
If you have questions or issues, contact us and we'll help you set up your organization.
Identity provider support
Expo SSO supports the following identity providers:
We implement the OpenID Connect Discovery 1.0 specification and are working to verify additional compatible identity providers. If you use another identity provider and are interested in SSO, let us know.
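
As an added illustration (not Expo's code, and not a description of how Expo validates a provider), the following Python checks an IdP's OpenID Connect Discovery 1.0 document against the specification's requirements before the issuer is entered in an SSO configuration. The issuer `https://idp.example.com/tenant-a`, the function names, and both sample documents are constructed for this example.

```python
from urllib.parse import urlsplit

# Metadata that OpenID Connect Discovery 1.0 (section 3) marks REQUIRED.
REQUIRED = (
    "issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
    "response_types_supported", "subject_types_supported",
    "id_token_signing_alg_values_supported",
)

def discovery_url(issuer: str) -> str:
    """Location of the provider configuration for an issuer (section 4)."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(issuer: str, doc: dict) -> list:
    """Return a list of problems; an empty list means no problem was found."""
    problems = []
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        problems.append("issuer must be an https URL without query or fragment")
    problems += [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    # Section 4.3: the document's issuer must be identical to the one requested.
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: document says {doc.get('issuer')!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in doc and urlsplit(str(doc[key])).scheme != "https":
            problems.append(f"{key} is not served over https")
    algs = doc.get("id_token_signing_alg_values_supported")
    if algs is not None and "RS256" not in algs:
        problems.append("RS256 is not listed for ID token signing")
    return problems

# Constructed sample data: idp.example.com/tenant-a is a placeholder issuer.
ISSUER = "https://idp.example.com/tenant-a"
GOOD = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorize",
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD = dict(GOOD, issuer="https://idp.example.com/tenant-b",
           jwks_uri="http://idp.example.com/tenant-a/keys")
del BAD["token_endpoint"]  # wrong tenant, http JWKS, no token endpoint

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("bad", BAD)):
        print(name, check_discovery(ISSUER, doc) or "ok")
```

To run it against a real provider, fetch the JSON from `discovery_url(issuer)` and pass the parsed document to `check_discovery` together with the exact issuer string you intend to configure.
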
Setting up SSO on an organization
1. Log in as the Organization account owner, select the Organization, then go to Organization settings > Overview.
2. Click the Start button next to the Create SSO configuration for account option.
3. Enter the configuration details for your IdP using the information you collected during the IdP setup:
   - Client ID
   - Client secret
   - IdP subdomain/tenant ID, if needed. Click the ? icon above the Issuer field for help with what to enter.
4. Click Create SSO Configuration.
5. The Organization settings > Overview page will now display an Update SSO configuration option. Use this option to update the client secret if it changes.
SSO user sign in
Expo website
1. Navigate to expo.dev/sso-login and enter the account name of your organization. You can create a link that pre-fills the organization name. For example, expo.dev/sso-login/test-org pre-fills test-org.
2. Log in to your identity provider (IdP).
3. You'll be prompted to select an Expo username. This will be the username for your Expo account.
Available with SDK 50 and above. For previous versions, the Expo CLI will use your SSO account after logging in via the EAS CLI.
When using the Expo CLI, you can run the following command to log in to your Expo account:
    npx expo login --sso
You will be prompted to log in via the Expo website in a browser and will be redirected back to the CLI upon completion.
EAS CLI
When using the EAS CLI, you can run the following command to log in to your Expo account:
    eas login --sso
You will be prompted to log in via the Expo website in a browser and will be redirected back to the CLI upon completion.
1. Click the Continue with SSO button on the sign-in page when going through the sign-in flow.
2. Follow the above steps to sign in to the Expo website.
SSO user restrictions
SSO users are like regular users. However, there are a few known exceptions:
- SSO users can only belong to their SSO organization. They also cannot create additional organizations.
- SSO users cannot leave their SSO organization. Doing so deletes their SSO user.
- SSO users cannot log in to the Expo forums.
- SSO users cannot subscribe to EAS for their personal accounts.
SSO administration
Both new organizations and existing organizations can enable SSO as a sign-in option. Organizations with existing non-SSO members can enable SSO and then direct new members to the SSO sign-in page, while existing users continue to use their current Expo credentials. To support external contributors, SSO-enabled organizations also allow inviting additional non-SSO users via email.
Transitioning existing users to SSO
Regular users may be members of one or many personal, team, and organization accounts, while SSO users belong exclusively to their organization account. Thus, existing users cannot be directly converted into SSO users. However, a regular user who's already a member of your organization may create a second user by going to the SSO login page. Then, their regular user can be removed from the organization.
To transition from using a regular Expo account to an SSO account, follow these steps:
2. Go to the SSO login page and follow the prompts, such as entering your organization name, creating a new Expo username, and logging in to your identity provider.
3
4. Run eas login --sso to switch to your new account on the CLI.
5. At this time, the Admin or Owner can remove your old user from the organization. In Member settings, the list of organization members indicates whether a user is an SSO or non-SSO user. The Admin or Owner can click the dropdown next to the old user and click Remove member.
6. If you no longer need your old user account, log out of your new SSO account, then log in to your old account and go to User settings. Scroll down and click Delete Account. Note that this will delete any projects under your old user account. It will not affect any projects owned by the organization.
If you wish to reuse your old username on your new SSO user account, you can go to User settings under your old user and rename it before creating your SSO account. Alternatively, you can rename your SSO user account's Expo username after deleting your old user. While Expo usernames need to be unique, it is OK if your email address on your identity provider matches the email address of your old user.
Remove SSO users
If someone has left your organization, remove or disable them in your IdP. Depending on the token refresh duration you configured with your IdP, the removed user will subsequently lose access to their Expo account. If you wish to remove them ahead of that time or you wish to remove them to clean up users on your account, you may do so on the organization Member settings page:
1. Navigate to your organization account Member settings.
2. Click the dropdown next to the member you wish to delete, and click Delete SSO user.
This will delete their personal account and all data associated with it. All data in your organization account will be unaffected.
Change billing or discontinue use of SSO
An active Enterprise Plan is required to continue using SSO. Contact us if you wish to discontinue the use of SSO or change your plan.
To ensure uninterrupted access to your organization whether or not SSO is enabled, SSO organizations must keep at least one non-SSO user with the Owner role as a member.
Delete SSO organization
Once SSO is configured for an organization, account deletion must be done manually by the Expo team. Contact us for assistance.