--- title: "SSO (Single Sign On) Legacy" slug: "configuring-the-legacy-sso-feature" description: "Configure SSO Legacy authentication to allow users to sign in using one set of credentials for multiple independent software systems. Use of SSO Legacy is discouraged. Wasabi is no longer provisioning new customers on SSO Legacy." tags: ["Account Settings", "SSO", "SSO Legacy"] updated: 2026-01-07T19:14:45Z published: 2026-01-07T19:14:45Z --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.wasabi.com/llms.txt > Use this file to discover all available pages before exploring further. # SSO (Single Sign On) Legacy > Use of SSO Legacy is discouraged. Wasabi is no longer provisioning new customers on SSO Legacy. As part of the SSO Legacy configuration instructions, you will: - Install and configure an Identity Provider (IDP) of a third-party application (such as configure Okta, Auth0, or Shibboleth). - Configure SSO Legacy by continuing with the instructions below. ## Configuring SSO Legacy 1. Click **Security**on the Wasabi menu. 2. Select **SSO (Single Sign On) Legacy**. > This option is available only if you have SSO Legacy enabled through Wasabi Customer Support, as noted above. 3. Click **Configure SSO**. ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1748900821367.png) By default, SSO is disabled for existing and newly created Wasabi accounts. You will see this option only if it is available for your account. If you have already configured SSO, refer to Modifying the SSO Configuration to configure a new provider or modify an existing provider. 4. Click **CREATE NEW PROVIDER**. (Or, click **BACK TO CONSOLE**to return to the ACCOUNT SETTINGS panel.) ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/reviewing-or-changing-your-profile-image-dgnwtg80.jpg) 5. A panel is displayed on which you can add an authorized provider. Enter a name for the provider. It is best to use a name that will be easily recognized by the users. ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1699044869164.png) 6. Select one of these protocols: - SAML2 - OpenID Connect (OIDC) 7. Enter the metadata URL that was provided during IDP configuration. For example, enter the URL indicated when configuring SAML2 with Okta. 8. Optionally, enter an entity ID. For example, a SML2-based IDP can declare more than one “entity” in the meta-data XML (multiple IDP providers each with separate public keys, etc.). 9. Optionally, enter a Wasabi role prefix. The SSO feature uses this prefix to map to Wasabi roles. By default, the prefix is assumed to be “wasabi-” if you do not enter a different prefix. When Wasabi receives a group/role name from the IDP that starts with this prefix, Wasabi looks for a role with the same name in the Wasabi account. For more information about Wasabi roles, refer to [Roles](https://docs.wasabi.com/docs/roles-1). 10. Click **CREATE**. The SSO Provider List is displayed. ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/reviewing-or-changing-your-profile-image-6qt6rjfi.jpg) This list shows the serial number, name, ID (which will be used on the enterprise login), and protocol type for each provider. If you want to add a provider, click ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/reviewing-or-changing-your-profile-image-ewb4z34o.png) and return to the instructions above. You can click the toggle to enable or disable the provider status. When the provider is enabled, the slide option is green: ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/reviewing-or-changing-your-profile-image-vd21cy7v.png) When the provider is disabled, the option is gray: ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/reviewing-or-changing-your-profile-image-nao3wm5s.png) In addition, you can click ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/actions-ellipsis.png) to the right of a provider and select: - **Configure**to edit the provider. - **Support**to access Wasabi Technical Support. - **Delete**to delete the provider. 11. Click **BACK TO CONSOLE**to return to the ACCOUNT SETTINGS panel. 12. Set up roles and a policy for the sign-in. Refer to [Policies](https://docs.wasabi.com/docs/policies-1) and [Roles](https://docs.wasabi.com/docs/roles-1). Begin by reviewing the information in [Creating a Role for SSO Legacy.](https://docs.wasabi.com/docs/creating-a-role#creating-a-role-for-sso-legacy) ## Modifying the SSO Configuration 1. Click **CONFIGURE SSO**on the ACCOUNT SETTINGS panel. ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1699044787508.png) 2. The SSO Provider List is displayed. Configure a new provider or modify an existing provider, as described above. ## Related - [SSO (Single Sign On)](/configuring-the-single-sign-on-sso-feature.md)