This information only applies to organizations on the Enterprise plan.

This page describes the basic setup for a private instance of the Buf Schema Registry (BSR). Currently, this requires manual work and communication between Buf engineers and your organization.

Configure your DNS

Your BSR instance is hosted using a custom domain provided by you. For example, if your domain is, you might choose to use as your private BSR server hostname. Once you've chosen a hostname for your BSR instance, please inform us of the name.

A Buf engineer will provide you with the value for your CNAME records. The following examples use as a placeholder for this value.          CNAME

Your private BSR instance will be reachable from the public internet and is protected by SSO and CLI tokens. If your organization requires additional security measures such as IP range restriction, please reach out to discuss.

SSO configuration

Private BSR instances only support login through SSO. During setup, a Buf engineer will work with your organization to configure it. See the SSO docs for details and instructions about updating your configuration.

Assign administrative users

After SSO has been configured and the first users have successfully logged in, at least one user needs to be promoted to server administrator. During the setup process, please indicate to your Buf representative which users should be promoted.

After these steps are complete, your private BSR is ready to use.

Next steps

  • Read the user lifecycle page to understand how Buf provisions users in the BSR
  • Review the relevant SSO and/or SCIM docs for your Identity Provider (IdP)