# Single Sign-On (SSO)

> Configure SAML-based Single Sign-On for centralized identity management

## Overview

Once SSO is enabled, members on SSO-approved domains must log in via SSO by default. You can allow other login types for users on other domains.

Members can log in via your identity provider's website or by clicking the "Continue with SSO" option on the login page.

## Configuration Overview

### Step 1: Request SSO Setup

Contact your Kadoa account team to initiate SSO configuration. We'll provide:

* SAML metadata URL or XML
* Entity ID
* SSO URL

### Step 2: Configure Your Identity Provider

1. Create a new SAML application in your IdP
2. Enter the Kadoa-provided SAML details
3. Configure attribute mappings:
   * Email (required)
   * First Name (recommended)
   * Last Name (recommended)
4. Assign users or groups to the application
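
A pre-flight check for the attribute mappings in Step 2, run against a test assertion from your IdP before assigning users. This is an added example, not Kadoa's code; the attribute names `email`, `firstName` and `lastName` and the sample assertion are assumptions, so substitute the names your IdP actually emits.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed attribute names; replace with the names agreed for your IdP mapping.
REQUIRED = {"email"}
RECOMMENDED = {"firstName", "lastName"}

# Constructed sample assertion (not captured from a real IdP); lastName is blank.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="firstName">
      <saml:AttributeValue>Alice</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="lastName">
      <saml:AttributeValue> </saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Return {attribute name: [non-empty values]} from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs


def check_mapping(assertion_xml):
    """Return (errors, warnings) for the mapping list; does not verify signatures."""
    attrs = read_attributes(assertion_xml)
    errors = [f"missing required attribute: {n}" for n in sorted(REQUIRED) if not attrs.get(n)]
    warnings = [f"missing recommended attribute: {n}" for n in sorted(RECOMMENDED) if not attrs.get(n)]
    emails = attrs.get("email", [])
    if len(emails) > 1:
        errors.append("email attribute carries more than one value")
    for e in emails:
        if e.count("@") != 1 or e.startswith("@") or e.endswith("@"):
            errors.append(f"email value is not an address: {e!r}")
    return errors, warnings


if __name__ == "__main__":
    print(check_mapping(SAMPLE_ASSERTION))
```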

## Just-In-Time (JIT) Provisioning

When a user logs in via SSO for the first time:

* A new Kadoa account is automatically created
* Profile information is populated from SAML attributes
* Default team membership is assigned
* User role defaults to Member (configurable by admins)
