1. Have your account set up with Codefresh enterprise plan.

2. Ensure you have a working SAML 2.0 compliant Identity Provider (IdP).

3. Identify someone in your organization who is familiar with configuring and managing your organization's IdP.

4. Ensure that your IdP's system clock is synchronized with a reliable time source. If it is not, tokens generated will be unusable and SSO will fail.

4. Ensure that your IdP's system clock is synchronized with a reliable time source. If it's not, tokens generated will be unusable and SSO will fail.

{:.text-secondary}

<divclass="bd-callout bd-callout-info"markdown="1">

Note

Steps 2 to 7happen in the background and are transparent to the user.

Steps 2 to 7happens in the background and are transparent to the user.

</div>

1. A user logs in to Codefresh and enters their email

2. The user is redirected to Codefresh Service Provider (SP) to initiate SSO.

3. The user’s browser is then redirected to the customer IdP.

4. Once authenticated by the corporate side, a SAML token is sent to the user’s browser.

5. The SAML assertion is then forwarded to Codefresh SP.

6. If you are a valid Codefresh user for this SSO connection, an SSO token is returned to the user’s browser.

7. The user’s browser then returns a token to Codefresh and access is granted for your account.

2. The user is redirected to Codefresh Service Provider (SP) to initiate SSO

3. The user’s browser is then redirected to the customer IdP

4. Once authenticated by the corporate side, a SAML token is sent to the user’s browser

5. The SAML assertion is then forwarded to Codefresh SP

6. If you are a valid Codefresh user for this SSO connection, an SSO token is returned to the user’s browser

7. The user’s browser then returns a token to Codefresh and access is granted for your account

Go to your SSO settings by clicking on*Account settings* on the left sidebar in the Codefresh UI and then selecting*Single Sign-on* again from the left sibar (or visit directly[https://g.codefresh.io/account-admin/sso](https://g.codefresh.io/account-admin/sso))

**Client Name* - leave the field empty and it will get an autogenerated value once you save the settings.

**Display Name* - any arbitrary name you want to give in this integration.

**IDP entry* - The SSO endpoint of your Identity Provider.

**Application Certificate* - The security certificate of your Identity Provider. Paste the value directly on the field. Do not convert to base64 or any other encoding by hand.

**IDP Entry* - The SSO endpoint of your Identity Provider.

**Application Certificate* - The security certificate of your Identity Provider. Paste the value directly on the field. Do not convert to base64 or any other encoding by hand.

**Assertion URL* -`https://g.codefresh.io/api/auth/<your_codefresh_client_name>/callback​` (where ​<your_codefresh_client_name>​ is taken from the SSO configuration you created on the section above. It was automatically generated by Codefresh after saving the SSO settings).

Click the*SAVE* button and make sure to note down the`Client Name` that was autogenerated.

Then in the settings of your Identity Provider create a new Service Provider and provide the following:

**Service Provider SSOendpoint* -`https://g.codefresh.io/api/auth/<your_codefresh_client_name>/callback​` (where ​`<your_codefresh_client_name>​` is taken from the SSO configuration you created on the section above. It was automatically generated by Codefresh after saving the SSO settings.

**Service Provider SSOEndpoint* -(Assertion consumer service URL) -`https://g.codefresh.io/api/auth/<your_codefresh_client_name>/callback`

**Service Provider Entity ID* - ​`g.codefresh.io`

The mandatory fields needed for SAML assertions are:

1. firstName - user first name.

1. lastName - user last name.

1. email - user email.

1. firstName - user first name

1. lastName - user last name

1. email - user email

Once everything is finished, you[should test the integration]({{site.baseurl}}/docs/administration/single-sign-on/sso-setup-oauth2/#testing-your-identity-provider). Once it is working proceed to the next steps that are: