# Enable SSO in Your Account

{% hint style="danger" %}
Single sign-on is available on our Enterprise service tier.  Please contact out sales team for any questions about adding this to your account at:  <success@feedotter.com>
{% endhint %}

Enabling single sign-on (SSO) for your domain within FeedOtter allows Users you manage using an identity provider to easily and securely log in to their accounts. This article is all about SSO and how to set it up in your account.

### What is SSO?

Single sign-on (or SSO) is a way to manage your organization's users, allowing them to authenticate and log in to many different applications with just one set of credentials, rather than having to set up multiple usernames and passwords across different platforms. It allows you to manage your users in a single location at your identity provider and prevents potentially losing or forgetting FeedOtter login credentials, as those are stored through another service.

### Setting up SAML/SSO <a href="#setup" id="setup"></a>

To complete the setup in FeedOtter, you must already have service with an identity provider (IdP) of your choice.&#x20;

You'll need to be a FeedOtter account **Owner or Admin** to follow these steps. See the [User Roles Guide ](https://docs.feedotter.com/account-management/manage-users/user-roles-guide)for more information about the account Owner or Admin. &#x20;

1. Click **Settings > Security,** and toggle the Enable SAML option.

<div align="left"><figure><img src="https://2086102864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIdHBGk8cqznUpEqm5g1U%2Fuploads%2FlumuXQ58ELQjryaK0fa6%2F2023-03-20_19h44_06.png?alt=media&#x26;token=2171be61-af3c-48c9-bfa6-7ef66be29f4c" alt=""><figcaption><p>Access SAML settings in your FeedOtter account.</p></figcaption></figure></div>

2. You'll need to add a FeedOtter application to your IdP. We have instructions for several of the more popular below, as well as using a generic identity provider. You can check out the instructions for each here:

* [Enabling SSO with OneLogin as the Identity Provider](https://docs.feedotter.com/account-management/security/enable-sso-in-your-account/enable-sso-with-onelogin-as-the-identity-provider)
* [Enabling SSO with Okta as the Identity Provider](https://docs.feedotter.com/account-management/security/enable-sso-in-your-account/enable-sso-with-okta-as-the-identity-provider)
* [Enabling SSO with Azure AD as the Identity Provider](https://docs.feedotter.com/account-management/security/enable-sso-in-your-account/enable-sso-with-azure-ad-as-the-identity-provider)
* [Enabling SSO with a Generic Identity Provider](https://docs.feedotter.com/account-management/security/enable-sso-in-your-account/enable-sso-with-a-generic-identity-provider)

All of the details you need to create a new application with your IdP are found on the **Settings > Security** page:

<figure><img src="https://2086102864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIdHBGk8cqznUpEqm5g1U%2Fuploads%2FW5Bk4HiWVz0ehTFbO6n3%2F2023-03-20_19h45_51.png?alt=media&#x26;token=0871ebec-416e-494b-baa7-e6ade6cfc11f" alt=""><figcaption></figcaption></figure>

3. After setting up FeedOtter as a new application, you will need to enter the endpoint URL that you receive from the IdP in the **Single Sign-On URL** field in FeedOtter. You will also need to grab the IdP public key so that you can digitally sign authentication assertions, the X.509 certificate. Upload it to FeedOtter using the **Upload Certificate** button.

<div align="left"><figure><img src="https://2086102864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIdHBGk8cqznUpEqm5g1U%2Fuploads%2FI58UzFU2BEtfZ0KZ2i7a%2F2023-03-20_19h51_57.png?alt=media&#x26;token=d51a343f-e3ab-4ad3-9809-958889a3408e" alt=""><figcaption></figcaption></figure></div>

4. Toggle the **Force SAML Sign-in** on if you prefer to have your Users and Administrators only log in to FeedOtter through this method. The Account Owner will always be able to log in using a password as well.&#x20;

## Creating end-user accounts <a href="#creating-end-user-account" id="creating-end-user-account"></a>

To add members, create accounts for them in your IdP. Then create accounts for them in FeedOtter.&#x20;

FUTURE? The first time a new member logs in to FeedOtter via the IdP, a FeedOtter account will be created for them via automatic IdP provisioning. The user will have access to organization resources as an organization member.

## ​Removing accounts <a href="#removing-end-user-accounts" id="removing-end-user-accounts"></a>

Removing a member from the IdP will prevent the user from being able to sign in to the corresponding FeedOtter account, **but will not remove the account from FeedOtter**. We advise also removing the account from the FeedOtter organization.

### Forcing SSO login&#x20;

Once configured you can force users to login via SSO only.  Activate the switch on the SSO settings page to enable this behavior.

<div align="left"><figure><img src="https://2086102864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIdHBGk8cqznUpEqm5g1U%2Fuploads%2FKrp6koecNIc1km2QWpDl%2F2023-03-20_19h52_44.png?alt=media&#x26;token=54f415f7-b01e-479a-b8fd-a8a176e29c6b" alt=""><figcaption></figcaption></figure></div>

{% hint style="info" %}
**The FeedOtter 'Owner' role will always be able to login with either SSO or password to ensure access to their account.**
{% endhint %}