# Enable SSO with a Generic Identity Provider

Enabling single sign-on (SSO) for your domain within FeedOtter allows your Users to easily and securely log in to their accounts. This article will help you get set up if your IdP is Okta. For more general information on adding and using SSO with FeedOtter, check out [Enable SSO in Your Account](/account-management/security/enable-sso-in-your-account.md).

{% hint style="info" %}
Single Sign-On requires an Enterprise license.
{% endhint %}

### What is SSO?

Single sign-on (or SSO) is a way to manage your organization's users, allowing them to authenticate and log in to many different applications with just one set of credentials, rather than having to set up multiple usernames and passwords across different platforms. It allows you to manage your users in a single location at your identity provider and prevents potentially losing or forgetting FeedOtter login credentials, as those are stored through another service.

### Setting up SSO with a Generic Identity Provider <a href="#steps" id="steps"></a>

This section explains step by step how to configure SAML Single Sign-On between Help Scout and a generic Identity Provider. Please see the separate articles listed below for setup instructions if your Identity Provider is Okta, OneLogin, or Azure AD:

* Enabling SSO with OneLogin as the Identity Provider
* [Enabling SSO with Okta as the Identity Provider](/account-management/security/enable-sso-in-your-account/enable-sso-with-okta-as-the-identity-provider.md)
* Enabling SSO with Azure AD as the Identity Provider

**Note:** Service Provider (FeedOtter) provisioning is not supported. Accounts should be created first in the IdP or FeedOtter, and then authenticated via the IdP prior to logging in to FeedOtter.

You'll need to be the FeedOtter Account Owner or an Administrator to get this setup for your account.

1. Login to FeedOtter, then navigate to Settings > Company Settings > Security > Single Sign-On
2. Before making any changes on this page, take note of the *Post-back URL* and the *Audience URI* at the bottom of the page.

<div align="left"><figure><img src="/files/rvXm9n9jFKu15IcMteLE" alt=""><figcaption></figcaption></figure></div>

3. Log in to your preferred Identity Provider as an administrator.
4. Following the IdP documentation, create an "app" that uses the *Post-back URL* and the *Audience URI* from step 2. You can also upload a FeedOtter logo (if that option is available) to make it easier for users to see which application they are signing in to. FeedOtter allows for two optional attributes in the SAML Response: "firstName", "lastName".
5. Configure the IdP application to allow access to all the relevant users within the organization. This can typically be done either manually or by using groups/roles defined within the IdP users list.
6. Now that you have the app created, locate the *Single Sign-On URL* and the *X.509 Signing Certificate*.
7. Head back to FeedOtter, then navigate to Settings > Company Settings > Security > Single Sign-On.  You can now click **Enable SAML**.
8. On the form that you are presented with, use the details from step 6. Paste the URLs and certificate text into the respective boxes.
9. Toggle **Force SAML Sign-in** if you want users to only log in to FeedOtter via SSO with the Identity Provider. Even if this is selected, an Account Owner will *always* be able to log in to FeedOtter with their account password (this is to prevent the Account Owner from getting locked out). Don't forget to click the **Save** button.

Single Sign-On will now be enabled. Users need to log in via the identity provider prior to logging into FeedOtter.

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.feedotter.com/account-management/security/enable-sso-in-your-account/enable-sso-with-a-generic-identity-provider.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.