> ## Documentation Index
> Fetch the complete documentation index at: https://artie.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Single sign-on (SSO)
> Set up single sign-on (SSO) for your Artie dashboard using OIDC providers like Okta, including step-by-step configuration and SCIM user provisioning.
Artie supports single sign-on to your dashboard via OIDC. If you are using Okta, we have provider specific documentation for setting up SSO. If you are using another provider, just contact us!
You need to be your company's Okta and Artie admin to set this up
To create an app, please do the following:
1. Log in to your Okta admin dashboard
2. Go to Applications > Applications
3. Click "Create App Integration", select "OIDC - OpenID Connect", and pick "Web Application"
* Application Name: Artie
* Grant type: Only "Authorization Code" should be selected
* Sign-in redirect URIs: `https://api.artie.com/sso/okta/callback`
* Sign-out redirect URIs: `https://api.artie.com/logout`
* (Optional) If you want to enable Artie as an Okta tile app. You can also specify `https://api.artie.com/sso/okta/login` as the "Initiate login URI"
* Client ID
* Client secret
* Okta domain (You can get this from the top right navigation bar)
## Provisioning users (SCIM)
Artie supports automatic provisioning and deprovisioning users from Okta via SCIM integration (beta) -- for access to this feature, contact us!
This integration is used for provisioning only. Artie does not support SAML/SWA login through this SCIM app.
To enable SSO, you must configure a separate SSO application in Okta.
In Artie, [Settings > Authentication](https://app.artie.com/settings?tab=authentication), create a new API key with the `SCIM` API key type.
Copy and securely store the key. You will use it during Okta configuration.
Add the [Oauth Bearer Token Governance with SCIM 2.0](https://www.okta.com/integrations/oauth-bearer-token-governance-with-scim-2-0/) integration to your Okta tenant.
On the **General Settings** page:
* Set the **Application label** (for example: `Artie SCIM`).
* Under **Application visibility**, uncheck `Display application icon to users`
> This application should not be visible to end users because it does not support login.
On the next page:
* Ignore most **SAML** and **SWA** fields, as the integration does not support login.
* Under **Credentials Details**:
* Set **Application username format** to `Email`
Click **Next**.
Open the newly created application and complete the following:
* Navigate to the **Provisioning** tab.
* Click **Configure API Integration**.
* Check `Enable API integration `
* Configure the following:
* **Base Url:** `https://api.artie.com/scim/v2`
* **OAuth Bearer Token:** Paste the **SCIM API key** generated in Step 1.
* **Import Groups:** Leave unchecked, as Artie's SCIM integration does not support groups.
* Click **Test Integration**, then **Save**.
* In the **Provisioning** tab, select **To App**.
* Click **Edit**.
* Enable:
* **Create Users**
* **Deactivate Users**
* Click **Save**.
* Navigate to the **Assignments** tab.
* Click **Assign**.
* Assign users or groups to the application.
Assigned users will be automatically provisioned to Artie with normal permissions.
## Configuring this on Artie
Once you have gathered the information from above, go to the [settings](https://app.artie.com/settings) page in your Artie dashboard.
Under "Authentication", you can click "Configure Okta SSO". Once all the necessary information is filled out, users can now [log in](https://app.artie.com/login/sso) through Okta SSO.
## Questions
To log in through SSO, users would:
1. Go to the [SSO login screen](https://app.artie.com/login/sso)
2. Enter their company email address
3. If matched, an email will be sent to the user to log in
4. It will prompt them to log in through their configured IDP
5. They will then be redirected and authenticated into Artie