# Single Sign-On (SSO)

{% hint style="warning" %}
Single Sign-On is only available for customers with [a paid plan](https://www.pynt.io/pricing).
{% endhint %}

Pynt supports most SAML 2.0-based identity providers, including:

* G Suite
* JumpCloud
* [Microsoft Entra ID (formerly Azure Active Directory)](https://docs.pynt.io/documentation/account-management/single-sign-on-sso/setting-up-entra-id)
* Office 365
* [Okta](https://docs.pynt.io/documentation/account-management/single-sign-on-sso/setting-up-okta)
* PingFederate
* SharePoint Apps

## Setup Overview

1. Set up your identity provider with values from Pynt's [User Management](https://app.pynt.io/dashboard/settings/users-management) page.
2. Send the metadata file from your identity provider to Pynt to complete the setup.

## Setting up your Identity Provider

Navigate to Settings -> [User Management](https://app.pynt.io/dashboard/settings/users-management).

Using the values from the *Single Sign-On (SSO)* section, create a new SAML 2.0 application in your Identity Provider:

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2Fpr4vhgCe2O2vrijHyLJS%2FSCR-20241120-miqb.png?alt=media&#x26;token=0312ee57-eb6e-4338-8cbc-beabcb1c7f41" alt=""><figcaption><p>Single Sign-On (SSO) setup details</p></figcaption></figure>

Once your identity provider is set up, send the **Identity Provider Metadata XML** to Pynt ([support@pynt.io](mailto:support@pynt.io?subject=SSO+Setup)) to complete the setup.

### Just-in-time Role setting

Pynt supports controlling users' roles with SAML assertions. You can set up the `role` assertion with one of the following values:

* `user` - sets the user's role as a *User*.
* `admin` - sets the user's role as an *Admin*.

Once set, the user should log out and log in again to Pynt to see the changes applied.
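Before rolling the `role` mapping out, you can check what your identity provider actually emits for a test user. The following is an added example, not Pynt's code: it parses a decoded SAML assertion and reports a missing, duplicated or unexpected `role` value. It assumes the attribute is named exactly `role` and that values are matched case-sensitively; the sample assertion and the `check_role_attribute` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ALLOWED_ROLES = {"user", "admin"}  # the two values listed on this page

# Constructed sample of an IdP assertion (not real Pynt traffic).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="role">
      <saml:AttributeValue>admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_role_attribute(assertion_xml, attr_name="role"):
    """Return (role, problems) for the role attribute of a decoded assertion.

    Assumption: exact, case-sensitive match on attribute name and value.
    Intended for output from your own IdP; use defusedxml for untrusted XML.
    """
    root = ET.fromstring(assertion_xml)
    values = [
        (value.text or "").strip()
        for attr in root.iterfind(".//saml:Attribute", NS)
        if attr.get("Name") == attr_name
        for value in attr.iterfind("saml:AttributeValue", NS)
    ]
    problems = []
    if not values:
        problems.append(f"no '{attr_name}' attribute in assertion")
    if len(values) > 1:
        problems.append(f"multiple '{attr_name}' values: {values}")
    for v in values:
        if v not in ALLOWED_ROLES:
            problems.append(f"unexpected value {v!r}; expected one of {sorted(ALLOWED_ROLES)}")
    role = values[0] if len(values) == 1 and not problems else None
    return role, problems


if __name__ == "__main__":
    print(check_role_attribute(SAMPLE_ASSERTION))
```

Running the check against a test account that should be a plain *User* is a quick way to confirm a group rule in the identity provider is not handing out `admin` more broadly than intended.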

## Login using Single Sign-On

Once set, your users can sign up and log in to Pynt via your dedicated Login URL or the SSO login option on the login page.

### Dedicated Login URL

Your Dedicated Login URL can be found on the User Management page, under the *Single Sign-On (SSO)* section:

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2FPHL1hfQtUqHcldDG5MJp%2Fenterprise-after-setup.png?alt=media&#x26;token=60eeb12f-7c0a-4cea-8185-6968ee429c34" alt=""><figcaption></figcaption></figure>

### Sign in with Single Sign-On (SSO)

Pynt's login page contains an option to sign in with SSO:

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2FpSZienCYN1DakLQWv4QX%2FSCR-20241117-pfou.png?alt=media&#x26;token=b19a3037-285b-440f-ade1-b56dfab68c1a" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2F1UDGnJKVzMMyc9zJly3Z%2FSCR-20241117-pfww.png?alt=media&#x26;token=5704c855-b6e5-4140-a35c-aa7446c03536" alt=""><figcaption></figcaption></figure>
