> For the complete documentation index, see [llms.txt](https://hub.equipme.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://hub.equipme.io/documentation/sales/customer/single-sign-on-sso.md). # Single Sign-On (SSO) ## **Single Sign-On (SSO) in equipme** Single Sign-On gives your users a simple and secure way to access equipme without managing another password. This article explains the general idea behind SSO in equipme, how the login process works, and which responsibilities sit with your identity provider versus equipme. The specific setup instructions for each provider are available in separate articles. When SSO is enabled, the classic email-and-password login is replaced with an authentication request to your chosen identity provider. After a user signs in there, equipme receives the confirmation and creates the session. ### How users sign in with SSO All SSO providers you have connected are displayed on the login page. Users choose the provider they prefer and authenticate through it. If the email address already exists in equipme, the system links the session to that user. If the email is new, the user is guided through a short registration step before they can access the portal. Administrators can recommend a preferred sign-in method for new employees, but this is not a strict requirement. Users can always choose the option that fits their own setup. SSO does not need to be activated for each individual user. As soon as a provider is connected to the portal, it becomes available to everyone. The only extra step that may be required is the initial admin consent inside the identity provider, such as in Microsoft Entra ID. ### What SSO handles — and what it does not SSO is responsible only for authenticating the user. It confirms the identity and hands the session over to equipme. All access control happens inside equipme, including roles, permissions, and everything else that defines what a user can see or do. SSO does not synchronise user data, assign roles, import groups, or create organisational structures. If you want to update employee information automatically or bring in additional fields, this is done through HR Sync, not through SSO. ### Supported identity providers equipme supports several identity providers through standard OIDC authentication. Each provider has its own configuration steps, which are documented separately. Microsoft Entra ID is the most commonly used option and has its own dedicated guide. ### Understanding the flow The general sequence is straightforward. A user selects an SSO provider on the login page. equipme redirects the browser to the provider. The user signs in there, and the provider returns a signed identity token. equipme validates this token and logs the user in. The identity provider handles authentication, and equipme handles everything that follows. From here, you can continue with the detailed articles for Entra ID covering both the login behaviour and the technical data scope. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://hub.equipme.io/documentation/sales/customer/single-sign-on-sso.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.