# SSO Settings

## Overview

You can configure your single sign-on settings in the System Settings section of Builder.

{% hint style="info" %}
Note that in order to edit these settings, a user must have the 'Edit System Settings' access option enabled as part of their [user role](/enate-help/builder/builder-2021.1/user-management/user-roles-and-feature-access.md). Users without this access option will be able to view the settings in read-only mode.
{% endhint %}

#### How to Configure Intelligent SSO Routing <a href="#how-to-configure-intelligent-sso-routing" id="how-to-configure-intelligent-sso-routing"></a>

Administrators can now map domain names (e.g., @yourcompany.com) to an SSO provider in Builder. Once a domain is mapped, the system uses the domain of a user’s email address to instantly identify which SSO provider should handle their authentication.

To do this, in Builder navigate to the SSO Settings section of **System Settings**.

<img src="https://docs.enate.net/whats-new/~gitbook/image?url=https%3A%2F%2F1296463846-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F8xJkS0SKlesb8bmVBtGc%252Fuploads%252Fjv1d3cZFMue1XRU2gUg4%252Fimage.png%3Falt%3Dmedia%26token%3D5faeb00f-73e0-4cff-a734-dc5388611722&#x26;width=768&#x26;dpr=3&#x26;quality=100&#x26;sign=dea00522&#x26;sv=2" alt="" height="48" width="507">

Once there, you can add, edit or delete Identity Providers and domains. Certificates can also be replaced or downloaded.

<figure><img src="/files/xYwoDZCA4ZAqWoNTAWus" alt=""><figcaption></figcaption></figure>

**Adding an Identity Provider**

To add a new Identity Provider, click on the plus icon. In the resulting pop-up, set a name and, optionally, a description, then choose to either import settings from a metadata file or enter settings manually.

<figure><img src="/files/y07fPNneRsPZv68hSaB3" alt=""><figcaption></figcaption></figure>

For a full list of SSO provider attributes see the table below:

| Attribute                               | Description                                                                                                                                                                                   |
| --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Name                                    | A unique, human-readable identifier for the identity provider. This field is required.                                                                                                        |
| Logo for Login Page                     | Upload the logo for the provider. This logo will appear on the Enate login page.                                                                                                              |
| Description                             | An optional free-text field to provide additional context or notes about the identity provider configuration.                                                                                 |
| Login Binding Type                      | Specifies the SAML binding method used for login requests (e.g. HTTP Post or HTTP Redirect). Determines how authentication requests are transmitted to the IdP.                               |
| Logout Binding Type                     | Specifies the SAML binding method used for logout requests (e.g. HTTP Post or HTTP Redirect). Determines how logout requests are sent to the IdP.                                             |
| Allow Identity Provider Initiated Login | A toggle/checkbox that, when enabled, allows users to initiate a login session directly from the identity provider without a prior service provider request.                                  |
| Identity Provider ID                    | A unique identifier (typically a URI) that distinguishes this identity provider. Used by the service provider to reference the correct IdP during SAML exchanges. This field is required.     |
| Single Logout URL                       | The endpoint URL on the identity provider to which logout requests and responses are sent, enabling a coordinated single logout across all active sessions.                                   |
| Single Sign-On URL                      | The endpoint URL on the identity provider that receives and processes SAML authentication requests. This field is required.                                                                   |
| User Identifier Claim                   | The SAML assertion attribute used to uniquely identify the authenticated user (e.g. email or username). This field is required.                                                               |
| Identity Provider Certificate           | The X.509 public certificate provided by the identity provider, used to verify the digital signature on SAML assertions. Accepts DER or Base-64 encoded certificates. This field is required. |

**Editing / Deleting Identity Providers**

To edit an Identity Provider's details, click on the relevant provider row to bring up the provider details pop-up. You can then edit the details of that provider.


