CLI referenceLast updated May 28, 2026

Login CLI command reference

Authenticates against the Sanity.io API or a third-party identity provider via SAML SSO (Business / Enterprise plan feature).

USAGE
  $ sanity login [--open] [--provider <providerId>] [--sso <slug>] [--sso-provider <name>] [--with-token]

FLAGS
      --open                   Open a browser window to log in (`--no-open` only prints URL)
      --provider=<providerId>  Log in using the given provider
      --sso=<slug>             Log in using Single Sign-On, using the given organization slug
      --sso-provider=<name>    Select a specific SSO provider by name (use with --sso)
      --with-token             Read token from standard input

DESCRIPTION
  Log in to your Sanity account

EXAMPLES
  Log in using default settings

    $ sanity login

  Login with GitHub provider, but do not open a browser window automatically

    $ sanity login --provider github --no-open

  Log in using Single Sign-On with the "my-organization" slug

    $ sanity login --sso my-organization

  Log in using a specific SSO provider within an organization

    $ sanity login --sso my-organization --sso-provider "Okta SSO"

  Log in using a token from standard input

    $ sanity login --with-token < token.txt

USAGE
  $ sanity login [--open] [--provider <providerId>] [--sso <slug>] [--sso-provider <name>] [--with-token]

FLAGS
      --open                   Open a browser window to log in (`--no-open` only prints URL)
      --provider=<providerId>  Log in using the given provider
      --sso=<slug>             Log in using Single Sign-On, using the given organization slug
      --sso-provider=<name>    Select a specific SSO provider by name (use with --sso)
      --with-token             Read token from standard input

DESCRIPTION
  Log in to your Sanity account

EXAMPLES
  Log in using default settings

    $ sanity login

  Login with GitHub provider, but do not open a browser window automatically

    $ sanity login --provider github --no-open

  Log in using Single Sign-On with the "my-organization" slug

    $ sanity login --sso my-organization

  Log in using a specific SSO provider within an organization

    $ sanity login --sso my-organization --sso-provider "Okta SSO"

  Log in using a token from standard input

    $ sanity login --with-token < token.txt

The sanity login process requires a browser. To run a command that requires authentication but where a browser is not available, such as on a server, you can login locally, run sanity debug --secrets to get a personal auth token, and then precede the command requiring authentication with SANITY_AUTH_TOKEN=<token>.

SANITY_AUTH_TOKEN=ab97ae7...0f9ff sanity init -y \
  --create-project "Movies Unlimited" \
  --dataset moviedb \
  --visibility private \
  --template moviedb \
  --output-path /path/to/folder

SANITY_AUTH_TOKEN=ab97ae7...0f9ff sanity init -y \
  --create-project "Movies Unlimited" \
  --dataset moviedb \
  --visibility private \
  --template moviedb \
  --output-path /path/to/folder

Login with SAML SSO

Users configured with SAML SSO can use the --sso flag when logging in to pass their slug and log into a project using their third-party identity provider. The slug is set via the Sanity Management Console and is configured under the Settings tab for the Organization.

To sign in as a different user, run sanity login again. The CLI invalidates the previous session and writes the new token in one step. See CLI authentication for the full auth surface, including SSO, robot tokens, and token storage.

Login CLI command reference

Login with SAML SSO

SAML SSO Prerequisites

Learn

Logout