> For the complete documentation index, see [llms.txt](https://help.steeple.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.steeple.com/en/administration/authentification-sso.md).

# Authentication methods and Single Sign-On (SSO)

### Authentication methods

Steeple offers two authentication methods:

* **Email + password** : default method, each employee logs in with their Steeple credentials
* **Single Sign-On (SSO)** : login via a corporate identity provider (Azure AD, Okta, Google Workspace)

### What is SSO?

SSO (Single Sign-On) allows employees to sign in to Steeple with their existing company credentials, without creating a separate account.

#### Benefits

* Centralized access management
* No duplicate accounts
* Security aligned with company tools
* Ability to automate user provisioning

#### Protocol

Steeple implements SSO via **SAML V2.0**.

#### Important point

Steeple does not support **Single Logout (SLO)** : once the Steeple session is established, it is independent of the identity provider session and expires according to its own validity period.

### Supported identity providers

* **Azure Active Directory** (Microsoft Entra ID)
* **Okta**
* **Google Workspace**

### Configure SSO

Configuration is done from **Administration** > **Integrations** (`/administration/integrations`).

#### SSO with Azure Active Directory

1. Create a non-gallery enterprise application in Azure (Identity > Applications > Enterprise Applications)
2. In Steeple: Administration > Integrations > Install, configure the SSO button name and the reserved domains
3. Copy the Steeple metadata into Azure's basic SAML configuration
4. Configure the user attributes (email, first\_name, last\_name, provider\_identifier)
5. Copy the federation metadata URL from Azure
6. Import into Steeple by pasting the URL and clicking "Import metadata"
7. Assign users and groups in Azure — the administrator who is setting it up must also be assigned

#### SSO with Okta

1. Create a SAML 2.0 integration in Okta (Applications > Create App Integration)
2. Copy the Steeple URLs (from Administration > Integrations > Okta SAML > Install) into Okta
3. Set the Name ID format to **EmailAddress**
4. Configure the attributes as specified
5. Retrieve the metadata URL from Okta's "Sign on" tab
6. Import into Steeple

#### SSO with Google Workspace

1. Create a custom SAML application in Google (Applications > Web and mobile > Add an app)
2. Download the Google metadata XML file
3. Configure the Steeple metadata in Google Workspace and vice versa
4. The Google XML file must be hosted on an accessible URL (use secure internal hosting, do not use a public third-party service) to be imported into Steeple
5. Configure user attributes

### Migrating to SSO

* **Same email** in the corporate directory and in Steeple: seamless transition, the existing account is kept
* **Different email** : a new account is created — the user must unify their email addresses before migration

### Multi-community architectures (parent/child)

For organizations with parent/child communities, it is possible to map identity provider groups to specific Steeple communities. The configuration varies depending on the provider:

* **Azure AD** : use group claims with the group's object\_id
* **Okta** : configure Okta groups (replace spaces with underscores in names)
* **Google Workspace** : add the sso\_group\_id attribute

### What the assistant can do

The assistant can guide the user to the page **Integrations** via navigate\_to and explain authentication concepts. For detailed technical configuration, direct them to <https://help.steeple.com/>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.steeple.com/en/administration/authentification-sso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.