# Single sign-on (SAML) You can configure single sign-on for all users in your organization. This requires any user to authenticate through your identity provider (like Google Workspace or Okta). Users that log in using SSO will automatically get access to your organization (as a member). You can manually give new users admin rights on the **Users** screen. {% hint style="info" %} SSO is only available on the enterprise plan. You can upgrade on the Billing page on the [dashboard](https://dashboard.stablebuild.com). {% endhint %} ### Setting up SSO for Google Workspace 1. Log in to the Google Admin console at 2. Click **Apps > Web and mobile apps**, then **Add app > Add custom SAML app**\ \\

Adding a new SAML app in Google workspace

3. Enter "StableBuild" under app name, add a logo, and click **Continue**. 4. Click **Download metadata**, wait for the file to download, then click **Continue**.\\

5. Open a new browser window (keep Google Admin panel open), go to the [StableBuild Dashboard](https://dashboard.stablebuild.com), and click **Settings > Set up SAML**. 6. Set a name for the identity provider (e.g. Google Workspace), select the IdP metadata file from Google, and click **Upload metadata**.\\

Uploading the IdP metadata in StableBuild

7. Then copy the values from StableBuild to Google Workspace as below. Also make sure to set 'Name ID format' to 'EMAIL':\\

Configuring Google Workspace as an IdP in StableBuild

8. Afterwards, in the Google admin panel, click **Continue**, then **Finish**. Then under 'User access' click on the 'caret down' icon:\\

\ And enable the application for everyone:\\

Enabling anyone in your organization to use StableBuild from Google Workspace

9. Now you'll need to re-login once using SSO. In the StableBuild Dashboard, under **Settings > SAML / Single sign-on** find the "Direct log-in URL". Then sign-out of StableBuild (click your avatar and click "Sign out"). Then navigate to the direct log-in URL to trigger the SSO flow:\\

10. Once you've logged in through SSO once, you can enforce SSO for all members in your organization. Go to **Settings** and enable "Enforce log-in through SAML / SSO". That's it. You've now configured single sign-on for all your users using Google Workspace. 🔐 #### Caveats Logging in through Google's app drawer is currently not supported due to an issue in our authentication software ([here](https://github.com/FusionAuth/fusionauth-issues/issues/2545)).

### Setting up SSO for Okta 1. Log in to the Okta Admin console. 2. Click **Applications > Applications**, then **Create app integration**, choose "SAML 2.0" and click **Next**.\ \\

3. In step 1 of the SAML integration, enter "StableBuild" as your app name, upload a logo, and click **Next**.\ \\

4. In step 2, enter the following info (we'll update these later):\ \ ![](/files/ctjciHM27D52wbj5QcFp)\\ * Single sign-on URL: **** * Audience URI (SP Entity ID): **1234** * Default RelayState: *Leave blank* * Name ID format: **EmailAddress** \ Afterwards, click **Next**. 5. Click through step 3 and finish the wizard. 6. Under your application click "Sign On", then find "SAML Signing Certificates", select the 'Active' certificate, and click **View IdP metadata**. Then, save the resulting file (e.g. press CTRL+S or CMD+S).\\

7. Go to "Assignments", click **Assign > Assign to people**, and add yourself:\ \\

Assign people to use StableBuild from Okta

8. Open a new browser window (keep Okta open), go to the [StableBuild Dashboard](https://dashboard.stablebuild.com), and click **Settings > Set up SAML**. 9. Set a name for the identity provider (e.g. Okta), select the IdP metadata file you just downloaded, and click **Upload metadata**.\ \\

Uploading the Okta IdP metadata to StableBuild

10. Now, go back to Okta, and under your application choose **General**, and then under "SAML Settings", click **Edit**.\ \\

Editing the SAML settings for your Okta application

11. Under "Configure SAML", copy the values from StableBuild to Google Workspace as below. You'll need to click "Show Advanced Settings" to copy the 4th value.\ \\

12. Now you'll need to re-login once using SSO. Sign-out of StableBuild, go to your Okta app dashboard and click the StableBuild logo:\ \\

Log in to StableBuild from the Okta app dashboard

13. Once you've logged in through SSO once, you can enforce SSO for all members in your organization. Go to **Settings** and enable "Enforce log-in through SAML / SSO". That's it. You've now configured single sign-on for all your users using Okta. 🔐 --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://stablebuild.gitbook.io/en/product/single-sign-on-saml.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.