# Single Sign-On (SSO)

{% hint style="warning" %}
Single Sign-On is only available for customers with [a paid plan](https://www.pynt.io/pricing).
{% endhint %}

Pynt supports most SAML 2.0-based identity providers, including:

* G Suite
* JumpCloud
* [Microsoft Entra ID (formerly Azure Active Directory)](/documentation/account-management/single-sign-on-sso/setting-up-entra-id.md)
* Office 365
* [Okta](/documentation/account-management/single-sign-on-sso/setting-up-okta.md)
* PingFederate
* Sharepoint Apps

## Setup Overview

1. Set up your identity provider with values from Pynt's [User Management](https://app.pynt.io/dashboard/settings/users-management) page.
2. Send the metadata file from your identity provider to Pynt to complete the setup.

## Setting up your Identity Provider

Navigate to Settings -> [User Management](https://app.pynt.io/dashboard/settings/users-management).

Using the values from the *Single Sign-On (SSO)* section, create a new SAML 2.0 application in your Identity Provider:

<figure><img src="/files/hHUxaP38sSrOMKH6J9kp" alt=""><figcaption><p>Single Sign-On (SSO) setup details</p></figcaption></figure>

Once your identity provider is set up, send the **Identity Provider Metadata XML** to Pynt ([support@pynt.io](mailto:support@pynt.io?subject=SSO+Setup)) to complete the setup.

### Just-in-time Role setting

Pynt supports controlling users roles with SAML assertions. You can setup the `role` assertion with one of the following values:

* `user` - sets the user's role as an *User*.
* `admin`- sets the user's role as an *Admin*.

Once set, the user should Log out and Log in again to Pynt to see the changes applied.

## Login using Single Sign-On

Once set, your users could sign up and login to Pynt via your dedicated Login URL or the SSO login option in the login page.

### Dedicated Login URL

Your Dedicated Login URL can be found in the User Management page, under the *Single Sign-On (SSO)* section:

<figure><img src="/files/ct5QQZ4F8SPBxQbePbPU" alt=""><figcaption></figcaption></figure>

### Sign in with Single Sign-On (SSO)

Pynt's login page contains an option to sign in with SSO -

<figure><img src="/files/5qhiqdRk7zKRnnMmvaNZ" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/P2qsRQpXAGP6EYgjd01y" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.pynt.io/documentation/account-management/single-sign-on-sso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.