> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pelanor.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Single Sign-On (SSO)

> Connect your IdP to Pelanor to facilitate seamless login Sign-On (SSO) using OIDC (OpenIDC Connect).

<Info>
  **Before you begin:** You’ll need a unique <code>organization\_id</code>.\
  Contact your Account Manager or Pelanor Support to obtain it.
</Info>

***

## General Workflow

<Steps>
  <Step title="Create an OIDC application">
    Register an OIDC app in your IdP (Azure, Okta, or JumpCloud).
  </Step>

  <Step title="Add redirect URI">
    Use the format:

    | Environment  | Redirect URI format                                                   |
    | ------------ | --------------------------------------------------------------------- |
    | US (default) | `https://app.pelanor.io/api/auth/callback/{idp}-{organization_id}`    |
    | EU           | `https://app-eu.pelanor.io/api/auth/callback/{idp}-{organization_id}` |

    Replace `{idp}` with `entra`, `okta`, or `jumpcloud` and `{organization_id}` with your unique value.
  </Step>

  <Step title="Assign users">
    Assign users in your IdP that should be allowed to access Pelanor.
  </Step>

  <Step title="Send config to Pelanor Support">
    Share the following with Pelanor:

    * Client ID
    * Client Secret
    * Issuer URL / IdP domain
  </Step>

  <Step title="Wait for confirmation">
    Pelanor will notify you when the SSO connection is active.
  </Step>
</Steps>

***

## Finding Your Organisation Name

<Steps>
  <Step title="Open the Default Workspace">
    In Pelanor, go to **Settings → Workspaces** and click **Default Workspace**.
  </Step>

  <Step title="Copy the subtitle">
    The *subtitle* is your organization name, used for SSO login (lowercase, no spaces).
  </Step>
</Steps>

<Frame>
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/pelanor-6a347cfc/images/sso-1.png" alt="SSO Org Name Screenshot" />
</Frame>

***

## Logging in with SSO

<Frame>
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/pelanor-6a347cfc/images/sso-2.png" alt="SSO Login Screenshot" />
</Frame>

<Steps>
  <Step title="Go to login page">
    Open the Pelanor sign-in screen.
  </Step>

  <Step title="Click 'Log in with SSO'">
    You’ll be prompted to enter your organisation name.
  </Step>

  <Step title="Enter org name and authenticate">
    Enter your name (e.g., `acme`), authenticate via your IdP, and access the platform.
  </Step>
</Steps>

***

## Platform-Specific Instructions

### Microsoft Entra ID (Azure AD)

<Steps>
  <Step title="Register the app">
    Azure Portal → **Azure Active Directory → App registrations → New registration**
  </Step>

  <Step title="Set redirect URI">
    Use:

    * US: `https://app.pelanor.io/api/auth/callback/entra-{organization_id}`
    * EU: `https://app-eu.pelanor.io/api/auth/callback/entra-{organization_id}`
  </Step>

  <Step title="Create secret and collect info">
    * Create a secret under **Certificates & secrets**
    * Copy the **Client ID** and **Issuer URL**
  </Step>

  <Step title="Assign users">
    Navigate to **Users**, and assign Pelanor access.
  </Step>
</Steps>

***

### Okta

<Steps>
  <Step title="Create app integration">
    Okta Admin Console → **Applications → Create App Integration**

    * Sign-in method: **OIDC**
    * Application type: **Web**
  </Step>

  <Step title="Set redirect URI">
    Use:

    * US: `https://app.pelanor.io/api/auth/callback/okta-{organization_id}`
    * EU: `https://app-eu.pelanor.io/api/auth/callback/okta-{organization_id}`
  </Step>

  <Step title="Assign users and collect credentials">
    Assign users under **Assignments**\
    Copy the **Client ID**, **Client Secret**, and **Okta domain**
  </Step>
</Steps>

***

### JumpCloud

<Steps>
  <Step title="Add new OIDC app">
    JumpCloud Admin → **USER AUTHENTICATION → SSO Applications → + Add New Application**
  </Step>

  <Step title="Choose custom OIDC">
    Select **OIDC / Custom Application**, then click Next.
  </Step>

  <Step title="Set redirect URI and grant type">
    * US: `https://app.pelanor.io/api/auth/callback/jumpcloud-{organization_id}`
    * EU: `https://app-eu.pelanor.io/api/auth/callback/jumpcloud-{organization_id}`\
      Grant Type: **Authorization Code** (enable **Refresh Token** if needed)
  </Step>

  <Step title="Activate and assign">
    Copy **Client ID**, **Client Secret**, and **Issuer URL**\
    Assign users via the **Assignments** tab
  </Step>
</Steps>