> ## Documentation Index
> Fetch the complete documentation index at: https://help.clippopotamus.com/llms.txt
> Use this file to discover all available pages before exploring further.

# How to Set Up SSO (Single Sign-On)

> Connect your identity provider so team members can sign in securely.

SSO lets your team sign in to Clippo using your organization's existing identity provider (like Okta, Azure AD, or Google Workspace). This means no separate passwords to manage and centralized access control.

\[VIDEO COMING SOON]

## Supported providers

Clippo supports SSO via:

* **SAML 2.0** — Okta, Azure AD, OneLogin, PingIdentity, and any SAML 2.0-compliant provider
* **OIDC (OpenID Connect)** — Google Workspace, Auth0, and any OIDC-compliant provider

## Before you start

You'll need:

* Admin access to your Clippo Enterprise account
* Admin access to your identity provider (IdP)
* Your IdP's metadata URL or XML file (for SAML), or Client ID and Secret (for OIDC)

## Setting up SAML SSO

<Steps>
  <Step title="Open SSO settings in Clippo">
    Go to the [Admin Dashboard](/enterprise/admin-dashboard), click **Settings**, then click **Single Sign-On**.

    \[SCREENSHOT COMING SOON]
  </Step>

  <Step title="Select SAML 2.0">
    Click **SAML 2.0** as your SSO protocol.

    \[SCREENSHOT COMING SOON]
  </Step>

  <Step title="Copy the Clippo SP details">
    Clippo will show you the Service Provider (SP) details you need to enter in your identity provider:

    | Field              | Value                           |
    | ------------------ | ------------------------------- |
    | **ACS URL**        | Displayed on screen — copy this |
    | **Entity ID**      | Displayed on screen — copy this |
    | **Name ID format** | `emailAddress`                  |

    \[SCREENSHOT COMING SOON]
  </Step>

  <Step title="Configure your identity provider">
    In your IdP admin console, create a new SAML application using the SP details from the previous step. You'll also need to configure these attribute mappings:

    | IdP attribute | Clippo attribute |
    | ------------- | ---------------- |
    | `email`       | `email`          |
    | `firstName`   | `firstName`      |
    | `lastName`    | `lastName`       |

    Assign the application to the users or groups that should have Clippo access.
  </Step>

  <Step title="Enter your IdP metadata in Clippo">
    Back in Clippo's SSO settings, enter your IdP metadata. You can either:

    * Paste your **IdP metadata URL** (recommended — stays in sync automatically)
    * Upload your **IdP metadata XML file**

    \[SCREENSHOT COMING SOON]
  </Step>

  <Step title="Test the connection">
    Click **Test Connection**. Clippo will open a new window and attempt to sign in via your IdP. If it works, you'll see a success message.

    \[SCREENSHOT COMING SOON]
  </Step>

  <Step title="Enable SSO">
    Once the test passes, click **Enable SSO**. You can choose between:

    * **SSO optional** — users can sign in with SSO or email/password
    * **SSO required** — all users must sign in through SSO (recommended for security)

    \[SCREENSHOT COMING SOON]
  </Step>
</Steps>

## Setting up OIDC SSO

<Steps>
  <Step title="Open SSO settings in Clippo">
    Go to the [Admin Dashboard](/enterprise/admin-dashboard), click **Settings**, then click **Single Sign-On**.
  </Step>

  <Step title="Select OpenID Connect">
    Click **OpenID Connect** as your SSO protocol.

    \[SCREENSHOT COMING SOON]
  </Step>

  <Step title="Copy the Clippo redirect URI">
    Clippo will show you the **Redirect URI** to enter in your identity provider.

    \[SCREENSHOT COMING SOON]
  </Step>

  <Step title="Configure your identity provider">
    In your IdP admin console, create a new OIDC application:

    * Set the **Redirect URI** to the value from the previous step
    * Set the **Grant type** to Authorization Code
    * Copy the **Client ID** and **Client Secret**
  </Step>

  <Step title="Enter your OIDC details in Clippo">
    Back in Clippo, enter:

    * **Issuer URL** (e.g., `https://accounts.google.com`)
    * **Client ID**
    * **Client Secret**

    \[SCREENSHOT COMING SOON]
  </Step>

  <Step title="Test and enable">
    Click **Test Connection**, then **Enable SSO** once the test passes.
  </Step>
</Steps>

## Troubleshooting SSO

| Issue                                 | Solution                                                                                                                                  |
| ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
| Test connection fails                 | Double-check your ACS URL / Redirect URI in the IdP. Make sure attribute mappings are correct.                                            |
| Users see "account not found"         | The user's email in the IdP must match their Clippo account email. Add them via the [Admin Dashboard](/enterprise/admin-dashboard) first. |
| Users can't log in after enabling SSO | If SSO is set to "required," all users must have matching IdP accounts. Switch to "optional" temporarily to debug.                        |

## Need help?

SSO configuration can be tricky. If you run into issues, contact [enterprise@clippo.com](mailto:enterprise@clippo.com) and we'll help you get set up.

## Related pages

* [How to Use the Admin Dashboard](/enterprise/admin-dashboard)
* [Clippo Enterprise: What Is Included](/enterprise/overview)
