# Set Up Single Sign-On (SSO)
In this guide, you will configure Single Sign-On (SSO) to allow your users to access Radiant Security through your Identity Provider (IdP). Setting up SSO ensures a secure and streamlined login experience, while centralizing authentication and access management.
### Supported Identity Providers
We currently support SSO with the following Identity Providers:
* [Okta](#configure-sso-for-okta)
* [Google](#configure-sso-for-google)
* [Microsoft Entra ID](#configure-sso-for-microsoft-entra-id)
{% hint style="info" %}
Once SSO is configured, it is automatically enforced for all users. If you ever need to bypass SSO (for example, in an emergency), we provide a “break‑glass” option that allows temporary SSO bypass. To use this option, simply contact our support team.
{% endhint %}
### Configure SSO for Okta
Use Okta as your SSO provider to let users access Radiant securely and easily, with centralized identity management and enforcement of your organization’s authentication policies.
Configure Okta as a SAML 2.0 identity provider for Radiant, so your users can authenticate via your company’s Okta portal.
#### Prerequisites
* [ ] Admin access to Okta Admin Console
#### Create SAML application
1. Log in to the **Okta Admin Dashboard**, then click **Applications.**
2. Click **Create App Integration**.
3. Select **SAML 2.0** as the sign-in method and click **Next**.
4. Name the app (e.g., `Radiant`) and click **Next**.
5. In the **SAML Settings** section:
* **Single sign-on URL**: The value is provided by Radiant in the setup.
* **SP Entity ID (Audience URI)**: The value is provided by Radiant in the setup.
* **Name ID format**: `EmailAddress`
#### Assign users or groups
1. Go to the **Assignments** tab of the app.
2. Click **Assign >** **Assign to Groups** and select the groups that should have access to Radiant via SSO.
#### Submit metadata to Radiant
To complete the setup, send us your identity provider metadata.
1. In the Okta's **Sign On** tab, scroll to the **SAML Signing Certificates** section.
2. Click **View SAML setup instructions**.
3. Copy the **Identity Provider Metadata URL**.
### Configure SSO for Google
Use Google as your SSO provider to let users access Radiant securely and easily, with centralized identity management and enforcement of your organization’s authentication policies.
Configure Google as a SAML 2.0 identity provider for Radiant, so your users can authenticate via your company’s Google portal.
#### Prerequisites
* [ ] Write access to Google Workspace Admin Console
#### Create a SAML application
1. Log in to your **Google Workspace dashboard** and click **Web and mobile apps** in the sidebar.
2. Click **Add app** and click **Add custom SAML app**.
3. Enter the name of your application (e.g., `Radiant Security`), then click **Continue**.
4. Skip to the next screen by clicking **Continue**.
5. Copy the **ACS URL** and **Entity ID** values from Radiant’s SSO setup and paste these values into Google’s. The **Name ID** format should be `EMAIL`.
#### Assign users or groups
1. Under **Service status**, enable **ON for everyone** for the SAML application you just created.
2. Click **Save**.
#### Submit metadata to Radiant
To complete the implementation of SAML SSO, you need to provide Radiant with your identity provider’s details.
1. Click **Download metadata.**
2. Upload the **Metadata** **file** downloaded from the previous step into Radiant.
### Configure SSO for Microsoft Entra ID
Use Entra ID as your SSO provider to let users access Radiant securely and easily, with centralized identity management and enforcement of your organization’s authentication policies.
Configure Entra ID as a SAML 2.0 identity provider for Radiant, so your users can authenticate via your company’s Entra ID portal.
#### Prerequisites
* [ ] Admin access to Azure Portal
#### Create SAML application
1. Go to Azure Portal, open the portal menu and select **Enterprise applications**.
2. Click **New application**.
3. Click **Create your own application**.
4. Provide a name for your app (e.g., `Radiant Security`), select **Integrate any other application you don't find in the gallery (Non-gallery)**, and click **Create**.
5. In the **Overview** page, select **Set up single sign on**.
6. Select **SAML**.
7. Click **Edit**.
8. Copy the **Reply URL** and **Identifier** values from Radiant’s SSO setup and paste these values into Azure's **Basic SAML Configuration**.
#### Assign users or groups
After creating the enterprise application, you should proceed to assign individual users or groups so that they can authenticate using SAML.
1. Select **Users and groups** from the left menu.
2. Click **Add user/group**.
3. Click **None Selected**.
4. Search for the user or group you wish to add and click **Select**.
5. Click **Assign**.
#### Submit metadata to Radiant
To complete the implementation of SAML SSO, you need to provide Radiant with your identity provider’s details.
1. Click on the **Single sign-on** from the left menu.
2. Locate **App Federation Metadata Url** under **SAML Signing Certificates.**
3. Select **Copy** to copy the link, then paste it into Radiant.
_Okta_01.png?alt=media&token=6bb6fa47-8960-47d2-b265-6ae44c2cc3e9)
_Okta_02.png?alt=media&token=8167c816-a8b2-4465-bae6-07c1055d738d)
_Okta_03.png?alt=media&token=a919c897-4167-4350-ae8b-adb225bcca7a)
_Okta_04.png?alt=media&token=55e295c0-941b-40da-9f0e-cd0c032c052f)
_Okta_05.png?alt=media&token=1fdda2d5-ddf3-4815-bcb5-96bdfb157de8)
_Okta_06.png?alt=media&token=c4928d3b-d379-40c0-a239-f66b746bac85)
_Okta_07.png?alt=media&token=9b71faab-de63-4483-93a5-667e803edf59)
_Google_01.png?alt=media&token=5ca72da0-7a5f-48b2-8aca-9e32dd94ba21)
_Google_02.png?alt=media&token=e9f43311-103b-47fc-b2a1-ad3a46e2b6f3)
_Google_03.png?alt=media&token=a27f307c-f29a-4824-a8c3-3776543a2393)
_Google_04.png?alt=media&token=fe5ed39a-cab5-4a54-9f06-cd653dba4efa)
_Google_05.png?alt=media&token=976a7624-72b5-4d84-b84a-ee5016de4342)
_Google_06.png?alt=media&token=f7577fce-f65b-423a-90d7-ac01d138de06)
_Google_07.png?alt=media&token=9897dff4-4768-497b-b52e-c937bec015b6)
_Google_08.png?alt=media&token=f837fe4c-0c93-41f5-8e2f-a4a3b384189e)
_Google_09.png?alt=media&token=06863f10-9a12-4676-a9e0-5e2ce4963340)
_Microsoft_01.png?alt=media&token=6451f02d-3909-4515-8ac3-5d9582094de9)
_Microsoft_02.png?alt=media&token=5189c9eb-9570-49fe-9e88-a7fa5d79694b)
_Microsoft_03.png?alt=media&token=6d24a9d9-dde3-4f38-83cf-8cdddf3df681)
_Microsoft_04.png?alt=media&token=0e6392c7-0a73-47d5-b950-296e671f31f2)
_Microsoft_05.png?alt=media&token=7e081303-2007-4ef0-b5d5-c55eff8e81b4)
_Microsoft_06.png?alt=media&token=c5f72d39-7667-42bf-8896-7e7d4b6ce943)
_Microsoft_07.png?alt=media&token=8a094a7d-d146-40b2-8506-47eb5d6351e0)
_Microsoft_08.png?alt=media&token=8b1ade95-232c-4cac-b8c6-59afdcc3c235)
_Microsoft_09.png?alt=media&token=263228c8-b46d-4f77-94cc-eb65533d6e8f)
_Microsoft_10.png?alt=media&token=a837a474-ab32-4040-a934-741cdea040d7)
_Microsoft_11.png?alt=media&token=5c07be28-43e5-42dc-87c2-3f7903984e48)
_Microsoft_12.png?alt=media&token=f0b78898-f52d-4ce4-8ad0-cce74d6bd688)
_Microsoft_13.png?alt=media&token=4a38a502-5553-457c-b979-4cedf01af79a)