cursor-sso-integration
Configure SAML 2.0 and OIDC SSO for Cursor with Okta, Microsoft Entra ID, and Google Workspace. Triggers on "cursor sso", "cursor saml", "cursor oauth", "enterprise cursor auth", "cursor okta", "cursor entra", "cursor scim".
61
73%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/saas-packs/cursor-pack/skills/cursor-sso-integration/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong, specific description that clearly identifies the domain (Cursor SSO configuration), protocols (SAML 2.0, OIDC), and supported identity providers. The trigger terms are well-chosen and cover natural user queries. The main weakness is the lack of an explicit 'Use when...' clause, though the 'Triggers on' phrasing partially compensates.
Suggestions
Reframe 'Triggers on...' as a proper 'Use when...' clause, e.g., 'Use when the user needs to set up SSO for Cursor, mentions Cursor authentication with Okta/Entra/Google, or asks about SAML/OIDC configuration for Cursor.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists specific concrete actions: configuring SAML 2.0 and OIDC SSO, and names specific identity providers (Okta, Microsoft Entra ID, Google Workspace). The domain (Cursor) and protocols are clearly identified. | 3 / 3 |
Completeness | The 'what' is clearly answered (configure SAML 2.0 and OIDC SSO for Cursor with specific IdPs). However, there is no explicit 'Use when...' clause — the trigger terms are listed but framed as 'Triggers on' rather than providing explicit guidance on when Claude should select this skill. This is close but doesn't fully meet the 'when' requirement per the rubric. | 2 / 3 |
Trigger Term Quality | Includes excellent natural trigger terms that users would actually say: 'cursor sso', 'cursor saml', 'cursor oauth', 'cursor okta', 'cursor entra', 'cursor scim', and 'enterprise cursor auth'. These cover common variations and specific provider names. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive — the combination of Cursor + SSO + specific identity providers creates a very clear niche. The trigger terms are specific enough (e.g., 'cursor okta', 'cursor entra') that this is unlikely to conflict with generic SSO or generic Cursor skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, actionable SSO configuration guide with specific endpoint URLs, attribute mappings, and step-by-step instructions for three major identity providers. Its main weaknesses are the lack of validation/feedback loops in the technical workflow and the monolithic structure that could benefit from splitting IdP-specific guides into separate files. The rollout strategy and some enterprise considerations add bulk without proportional value for Claude's task execution.
Suggestions
Add explicit validation checkpoints after key steps, e.g., 'Verify metadata XML downloaded correctly by checking it contains <EntityDescriptor>' before uploading to Cursor, and 'If SSO test fails, check ACS URL matches exactly before re-testing.'
Split IdP-specific configurations (Okta, Entra ID, Google Workspace) into separate referenced files to reduce the main SKILL.md size and improve progressive disclosure.
Remove or significantly trim the Rollout Strategy section—it's project management guidance rather than technical instruction Claude needs to configure SSO.
Remove the 'Understanding of SAML 2.0 or OIDC concepts' prerequisite and the SAML 2.0 Specification link—Claude already knows these concepts.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is mostly efficient with well-structured configuration blocks, but includes some unnecessary content like the 'Understanding of SAML 2.0 or OIDC concepts' prerequisite, the detailed rollout strategy (Phase 1-3 checklists are project management advice Claude doesn't need), and enterprise considerations that are more informational than actionable. The troubleshooting table and core configuration steps are tight. | 2 / 3 |
Actionability | Provides specific URLs, exact attribute mappings, concrete DNS record formats, SCIM configuration values, and step-by-step instructions for three major IdPs. The configuration blocks are copy-paste ready with real endpoint URLs and field names, making this highly actionable. | 3 / 3 |
Workflow Clarity | Steps are clearly sequenced for each IdP (create app → configure SAML → download metadata → upload → test), and the Okta flow includes a test step. However, there are no explicit validation checkpoints or error recovery loops between steps—e.g., no 'verify the metadata XML is valid before uploading' or 'if upload fails, check X.' The rollout strategy has checklists but the core technical workflow lacks feedback loops. | 2 / 3 |
Progressive Disclosure | The content is well-organized with clear headers and sections, but it's a monolithic document (~180 lines) that could benefit from splitting IdP-specific configurations into separate files. The rollout strategy and SCIM provisioning sections could be referenced rather than inline. No bundle files exist to offload detail into. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
8a9cd04
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.