# SAML single sign-on for MacStadium accounts

> Set up SAML SSO for your MacStadium organization to manage user authentication and access through your identity provider. Supports Okta, Azure AD, and Google.

## Introduction

The MacStadium SAML Single Sign-On (SSO) integration provides a secure and seamless way for your organization to manage user authentication and access within your MacStadium account. By integrating your MacStadium account with your existing Identity Provider (IdP), such as Okta or Azure AD, you achieve the following benefits:

* Centralized User Management: Leverage your existing IdP to manage user accounts across your organization, including access to MacStadium services.
* Streamlined Login Experience: Users authenticate once with your IdP and gain access to MacStadium resources without needing separate credentials.
* Enhanced Security: Authentication is handled by your IdP over SAML, so you can enforce security policies such as MFA (Multi-Factor Authentication) from your IdP.

<Note>SAML SSO is a paid offering. Contact your account team through the [portal](https://portal.macstadium.com) for more information.</Note>

## Key Components

The MacStadium SAML SSO integration involves these key components:

* MacStadium SSO Service: Our dedicated SSO service handles user management functions (login, password reset, etc.) and facilitates communication between your MacStadium account and your IdP.
* MacStadium Portal: Remains the front-end interface for users and interacts with the SSO service. The Portal is also used for managing user roles, and Orka 3.0 login actions rely on it.
* External Identity Provider (IdP): Your chosen IdP (for example, Okta, Azure AD) handles user authentication.

## How It Works

1. **Configuration**: Your IdP Admin will configure your IdP to integrate with MacStadium and provide some metadata to our support staff to complete the integration. See the setup guides under Next Steps below.
2. **User Login**: A user attempts to access MacStadium resources.
3. **Redirection**: The MacStadium Portal redirects users to your IdP's login page.
4. **Authentication**: The user provides their credentials to your IdP.
5. **SAML Assertion**: Your IdP successfully authenticates the user and generates a SAML assertion containing user information. This is sent to the MacStadium SSO service.
6. **Verification and Authorization**: The MacStadium SSO service validates the SAML assertion and grants user access based on configured permissions.

## Supported Providers

The MacStadium SAML SSO integration works seamlessly with major identity providers including:

* Okta
* Azure AD
* Google Workspace Federation

## Next Steps

Select your identity provider for step-by-step setup instructions:

* [Enable SAML SSO with Okta](/macstadium/account-management-and-saml/enable-saml-sso-with-okta)
* [Enable SAML SSO with Azure Active Directory](/macstadium/account-management-and-saml/enable-saml-sso-with-azure-active-directory)
* [Enable SAML SSO with Google Workspace](/macstadium/account-management-and-saml/enable-saml-sso-with-google-workspace-federation)
