> For the complete documentation index, see [llms.txt](https://docs.instruqt.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.instruqt.com/settings/authentication/sso.md).

# SSO

## Configure SSO

SSO allows you to easily authenticate content authors. You configure SSO using the Web UI.

{% hint style="info" %}
SSO is currently limited to organizations that create and manage Instruqt content.
{% endhint %}

{% hint style="info" %}
Callback URL that should be configured on the identity provider: <https://sso.play.instruqt.com/login/callback>
{% endhint %}

{% tabs %}
{% tab title="🌐 Web UI" %}

1. Navigate to **Team Settings** → **SSO**.
2. Select the applicable SSO provider for your team. Please contact the support team if the provider used by your team is not available.
3. Upon selecting a provider a drawer will appear for you to fill in the data related to your connection. In this example we are using **Google Workspace**. The values for **Domain**, **Client ID** and **Client Secret** must be obtained from your provider.<br>

   <figure><img src="/files/s4c8YwQlayUkMiRYfDXr" alt=""><figcaption></figcaption></figure>
4. After setting up the provider the URL provided in the management page will work for all team members. Clicking the link will copy it to your clipboard.\
   example login URL: `https://play.instruqt.com/{team-name}/login`
5. Upon navigating to the login URL users will get prompted to authenticate through the configured provider of your team.

{% hint style="info" %}
Users are automatically assigned to the team the they authenticate with. A user that wasn't part of the team yet will be assigned the **Member** role within that team.
{% endhint %}
{% endtab %}
{% endtabs %}

***

## FAQ

<details>

<summary>Can I swap my SSO Providers?</summary>

Yes. We use the returned email address from the SSO provider as the identity of the user. If the new SSO provider returns the same email for the same user, then the accounts to stay the same inside of Instruqt.

Please contact our support if you need further guidance and/or would like to test this.

</details>

<details>

<summary>Are users provisioned on demand?</summary>

Yes. At present all users are created with the role "Member" when logging in with SSO and when a matching email cannot be found.

</details>

<details>

<summary>Is de-provisioning supported?</summary>

Not at this time. If your use case requires de-provisioning, we encourage you to contact our support team and share your request with us.

</details>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.instruqt.com/settings/authentication/sso.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.