> For the complete documentation index, see [llms.txt](https://docs.feedotter.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.feedotter.com/settings/security/enable-sso-in-your-account.md).

# Enable SSO in Your Account

{% hint style="danger" %}
Single sign-on is available on our Enterprise service tier.  Please contact out sales team for any questions about adding this to your account at: <success@feedotter.com>
{% endhint %}

Enabling single sign-on (SSO) for your domain within FeedOtter allows Users you manage using an identity provider to easily and securely log in to their accounts. This article is all about SSO and how to set it up in your account.

### What is SSO?

Single sign-on (or SSO) is a way to manage your organization's users, allowing them to authenticate and log in to many different applications with just one set of credentials, rather than having to set up multiple usernames and passwords across different platforms. It allows you to manage your users in a single location at your identity provider and prevents potentially losing or forgetting FeedOtter login credentials, as those are stored through another service.

### Setting up SAML/SSO <a href="#setup" id="setup"></a>

To complete the setup in FeedOtter, you must already have service with an identity provider (IdP) of your choice.&#x20;

You'll need to be a FeedOtter account **Owner or Admin** to follow these steps. See the [User Roles Guide ](https://docs.feedotter.com/account-management/manage-users/user-roles-guide)for more information about the account Owner or Admin. &#x20;

1. Click **Settings > Security,** and toggle the Enable SAML option (whichever is needed, or both). <br>

   <div align="left" data-with-frame="true"><figure><img src="/files/4FTt0JKdKskW356IFzci" alt=""><figcaption></figcaption></figure></div>
2. You'll need to add a FeedOtter application to your IdP. We have instructions for several of the more popular below, as well as using a generic identity provider. You can check out the instructions for each here:

* [Enabling SSO with OneLogin as the Identity Provider](/settings/security/enable-sso-in-your-account/enable-sso-with-onelogin-as-the-identity-provider.md)
* [Enabling SSO with Okta as the Identity Provider](/settings/security/enable-sso-in-your-account/enable-sso-with-okta-as-the-identity-provider.md)
* [Enabling SSO with Azure AD as the Identity Provider](/settings/security/enable-sso-in-your-account/enable-sso-with-azure-ad-as-the-identity-provider.md)
* [Enabling SSO with a Generic Identity Provider](/settings/security/enable-sso-in-your-account/enable-sso-with-a-generic-identity-provider.md)

All of the details you need to create a new application with your IdP are found on the **Settings > Security** page:

<div align="left" data-with-frame="true"><figure><img src="/files/wL9uNUQdnD43Wupy9yfv" alt=""><figcaption></figcaption></figure></div>

3. After setting up FeedOtter as a new application, you will need to enter the endpoint URL that you receive from the IdP in the **Single Sign-On URL** field in FeedOtter. You will also need to grab the IdP public key so that you can digitally sign authentication assertions, the X.509 certificate. Upload it to FeedOtter using the **Upload Certificate** button.

<div align="left"><figure><img src="/files/xVQd7Ml5xmR8EwxPWfB5" alt=""><figcaption></figcaption></figure></div>

4. Toggle the **Force SAML Sign-in** on if you prefer to have your Users and Administrators only log in to FeedOtter through this method. The Account Owner will always be able to log in using a password as well.&#x20;

## Creating end-user accounts <a href="#creating-end-user-account" id="creating-end-user-account"></a>

To add members, create accounts for them in your IdP. Then create accounts for them in FeedOtter.&#x20;

FUTURE? The first time a new member logs in to FeedOtter via the IdP, a FeedOtter account will be created for them via automatic IdP provisioning. The user will have access to organization resources as an organization member.

## ​Removing accounts <a href="#removing-end-user-accounts" id="removing-end-user-accounts"></a>

Removing a member from the IdP will prevent the user from being able to sign in to the corresponding FeedOtter account, **but will not remove the account from FeedOtter**. We advise also removing the disabling the user from the FeedOtter account.&#x20;

{% hint style="info" %}
**The FeedOtter 'Owner' role will always be able to login with either SSO or password to ensure access to their account.**
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.feedotter.com/settings/security/enable-sso-in-your-account.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.