--- title: "SSO (Single Sign On)" slug: "configuring-the-single-sign-on-sso-feature" description: "Configure SSO authentication to allow users to sign in using one set of credentials for multiple independent systems. " tags: ["Account Settings", "Settings", "SSO"] updated: 2026-01-07T19:05:41Z published: 2026-01-07T19:05:41Z --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.wasabi.com/llms.txt > Use this file to discover all available pages before exploring further. # SSO (Single Sign On) As a Wasabi user (trial or paid customer), you can set up SSO, at-will, in your own accounts. You simply need to enter standard SSO configuration information and define user roles. ## Configuring SSO for the First Time 1. Click **Security**on the Wasabi menu. 2. Select **SSO (Single Sign On)**. ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1748900499934.png) 3. Click **Start SSO Configuration**. 4. Enter your organization name, which is a unique identifier that you and your users will use when signing in to Wasabi using SSO. ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1719092086450.png) 5. Click **Add Organization**. The organization name is displayed along with a drop-down menu to select the SSO connection: ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1719092211002.png) 6. Click the **SSO Connection**drop-down to select the connection type. ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1719092265163.png) By default, SSO is disabled (**No Connection**) for existing and newly created Wasabi accounts. You can select one of these protocols: - SAML - OPEN ID 7. If you select **SAML**, a screen similar to the following is displayed. Work through the instructions on the screen to enter the **Sign In URL** and **Sign Out URL**. Then, choose a file for the **X509 Signing Certificate**. Finally, review and complete the **IDP configuration**. ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1719092361606.png) If you select **OPEN ID**, a screen similar to the following is displayed. Work through the instructions on the screen to enter the **Discovery Endpoint** and **Client ID**. You may need to configure the OIDC issuer with the callback URL noted at the bottom left of the screen. ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1719092444462.png) 8. In order for SSO roles to work in the Console, they must be assigned to users within your organization's Identity Provider, and be returned to Wasabi in SSO claims. Without this, we will be unable to match a user with a role. Click **Create Role,** enter a role name, assign policies, and create the role. 9. After entering all information, click **Save Connection**. 10. Scroll down and notice that you can define roles for the connection. For example: ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1719092508473.png) Set up [Policies](https://docs.wasabi.com/docs/policies-1) and [Roles](https://docs.wasabi.com/docs/roles-1) for the SSO. Begin by reviewing the information in [Creating a Role for Single Sign On (SSO).](https://docs.wasabi.com/docs/creating-a-role#creating-a-role-for-single-sign-on-sso) ## Deleting an SSO Configuration 1. If you are not already on the SSO Configuration panel, click **Security**on the Wasabi menu and select **SSO (Single Sign On)**. 2. On the SSO Configuration panel, click **Delete SSO Configuration**. 3. Click **Delete**to confirm.