> ## Documentation Index
> Fetch the complete documentation index at: https://docs.seminode.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Single Sign-On (SSO)

> Enterprise SSO authentication via SAML 2.0 and OIDC protocols.

## Overview

Seminode supports enterprise Single Sign-On (SSO) via industry-standard SAML 2.0 and OIDC protocols. Our authentication infrastructure is designed to integrate with any compliant identity provider (IdP), enabling seamless and secure access for enterprise customers.

***

## Supported Protocols

| Protocol      | Details                                                                                 |
| :------------ | :-------------------------------------------------------------------------------------- |
| **SAML 2.0**  | SP-initiated and IdP-initiated flows; signed assertions; encrypted assertions supported |
| **OIDC**      | Authorization Code flow with PKCE; standard claims mapping                              |
| **OTP / MFA** | Compatible with external MFA solutions enforced at the IdP layer                        |

***

## Compatible Identity Providers

Seminode integrates with any SAML 2.0 or OIDC-compliant identity provider, including but not limited to:

* Google Workspace
* Microsoft Entra ID (Azure AD)
* Okta
* OneLogin
* And many more

<Note>
  If your organization enforces multi-factor authentication at the identity provider level, no additional integration is required on the Seminode side. MFA is handled by your IdP before the SAML/OIDC assertion is passed to Seminode. Seminode can also enforce an additional MFA layer (SMS OTP, TOTP) per organization if desired — contact support to configure.
</Note>

***

## SSO Configuration Process

| Step | Action                                                                                 | Responsibility       |
| :--- | :------------------------------------------------------------------------------------- | :------------------- |
| 1    | Customer provides IdP metadata (Entity ID, SSO URL, X.509 certificate) or metadata URL | Customer IT          |
| 2    | Seminode provides SP metadata (ACS URL, Audience URI, attribute mapping requirements)  | Seminode Engineering |
| 3    | Customer configures Seminode as a service provider in their IdP                        | Customer IT          |
| 4    | Both parties validate the SSO connection end-to-end                                    | Joint                |

***

## Getting Started

To set up SSO for your organization, contact your Seminode account representative or reach out to **[Seminode Support <Icon icon="arrow-up-right" />](https://seminode.com/contact-us)** with your identity provider details. Typical setup time is 1–2 business days from receipt of IdP metadata.
