# SAML - SSO

Secure, one‑click access to Siit. Enable Google or Microsoft sign‑in in seconds, or connect a third‑party SAML identity provider for enterprise control. You can test safely, then enforce SSO for everyone.

Sign‑in options

* Google SSO: one‑click OAuth sign‑in with Google Workspace accounts.
* Microsoft SSO: one‑click OAuth sign‑in with Microsoft Entra ID accounts.
* SAML SSO: connect your IdP (Okta, Microsoft Entra ID, OneLogin, JumpCloud, …). We support both SP‑initiated and IdP‑initiated flows.

Quick start (Google/Microsoft) ⚡

* Go to Settings → Security → SSO.
* Toggle “Allow sign in with Google” and/or “Allow sign in with Microsoft.”
* Optionally restrict by email domain (e.g., only @yourcompany.com).
* Save. Users can now click the relevant button on the login page.

When to use: you want fast setup with your primary suite and don’t need custom claims or role mapping.

What SAML adds

* Centralized control and MFA via your IdP
* Attribute/claim mapping to prefill name and email
* Optional group → role mapping in Siit (if enabled for your workspace)
* Certificate‑based trust with rotation support

Supported providers

* Okta
* Microsoft Entra ID (Azure AD)
* OneLogin
* JumpCloud

Provider‑specific, step‑by‑step guides are available in our Help Center.

Troubleshooting

* User cannot sign in
  * Check domain restriction and that the user exists with the correct email.
  * Verify that the email address matches the Siit user’s email format.
* Invalid signature / audience mismatch
  * Re‑upload a valid IdP certificate and confirm Entity ID and ACS URL match Siit.
* Group/role not applied
  * Ensure the groups claim is included in the SAML assertion and the mapping rule exists in Siit.
* Looping back to login
  * Confirm SP‑initiated vs IdP‑initiated configuration and redirect URLs; clear cookies and retry in a private window.
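
To run the checks above against a real login, capture the base64 `SAMLResponse` your IdP posts and compare it with the values configured in Siit. The Python script below is an added example, not Siit code; the `sp.example` Entity ID and ACS URL, the `groups` attribute name and the sample response are constructed placeholders, and it does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def diagnose(response_b64, entity_id, acs_url, groups_attr="groups"):
    """Compare a captured base64 SAMLResponse with the SP values.
    Diagnostic only: it does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(response_b64))
    findings = []
    # Audience mismatch: Audience must equal the SP Entity ID.
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        findings.append(f"audience {audiences} != entity id {entity_id}")
    # ACS mismatch: Destination and Recipient, when present, must equal the ACS URL.
    targets = [("Destination", root.get("Destination"))]
    targets += [("Recipient", c.get("Recipient"))
                for c in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    for label, value in targets:
        if value is not None and value != acs_url:
            findings.append(f"{label} {value} != ACS URL {acs_url}")
    # User cannot sign in: NameID is assumed to carry the user's email address.
    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    if "@" not in name_id:
        findings.append(f"NameID {name_id!r} is not an email address")
    # Group/role not applied: the groups attribute must be in the assertion.
    names = {a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)}
    if groups_attr not in names:
        findings.append(f"attribute {groups_attr!r} missing, got {sorted(names)}")
    return findings

# Constructed sample: Audience names another SP and no groups attribute is sent.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp.example/saml/acs">
 <saml:Assertion>
  <saml:Subject><saml:NameID>jane@yourcompany.com</saml:NameID>
   <saml:SubjectConfirmation><saml:SubjectConfirmationData
     Recipient="https://sp.example/saml/acs"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://other.example/metadata</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="email">
   <saml:AttributeValue>jane@yourcompany.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
if __name__ == "__main__":
    for finding in diagnose(SAMPLE_B64, "https://sp.example/saml/metadata", "https://sp.example/saml/acs"):
        print(finding)
```

Replace the placeholders with the Entity ID and ACS URL shown in your Siit SSO settings and the attribute name your IdP uses for groups.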

