# Single Sign-On (SSO)

Single Sign-On gives your users a simple and secure way to access equipme without using another password. This article explains the general idea behind SSO in equipme, how the login process works, and which responsibilities sit with your identity provider versus equipme. The specific setup instructions for each provider (e.g. Microsoft or Google) are available in separate articles.

#### How users sign in with SSO <a href="#how-users-sign-in-with-sso" id="how-users-sign-in-with-sso"></a>

SSO does not need to be activated for each individual user. Only the initial admin setup within the identity provider is required, for example in Microsoft Entra ID.

Once the connection to a provider has been successfully established, SSO is available to all your equipme users as an alternative to local login in the equipme login area.

<figure><img src="/files/sNWkHvUnotVbCualq2Vk" alt="" width="365"><figcaption></figcaption></figure>

#### What SSO handles — and what it does not <a href="#what-sso-handles-and-what-it-does-not" id="what-sso-handles-and-what-it-does-not"></a>

SSO is responsible only for authenticating the user. It confirms the identity and hands the session over to equipme. This means that users who wish to log in via SSO must first be registered in equipme.

{% hint style="warning" %}
SSO does not synchronise or create user data, assign roles, import groups, or create organisational structures in equipme. If you want to update employee and other organisational information such as locations or cost centers automatically in equipme, this is done through HR Sync, not through SSO.
{% endhint %}

If the user's email address already exists in equipme, the system links the session to that user and grants access to the company portal.

{% hint style="danger" %}
If the user's email address does not exist in equipme, the user will be guided through a registration process and set up a new portal, which could lead to confusion – so please ensure that all relevant users have been created in equipme in advance.
{% endhint %}

SSO covers only user authentication. Authorisation is managed entirely within equipme, including roles, permissions, and everything a user can see or do.

#### Supported identity providers <a href="#supported-identity-providers" id="supported-identity-providers"></a>

equipme supports several identity providers through standard OIDC authentication. Microsoft is displayed as the SSO provider by default. If you require an alternative SSO provider, you can request this via our support team.

Each provider has its own configuration steps. Microsoft Entra ID is the most commonly used option and has its own dedicated guide.

#### SSO as preferred sign-in method <a href="#what-sso-handles-and-what-it-does-not" id="what-sso-handles-and-what-it-does-not"></a>

<figure><img src="/files/k6vL16yy9TreikyMEfaI" alt="" width="542"><figcaption></figcaption></figure>

Administrators can recommend SSO as the preferred sign-in method to new employees in the self-service invitation. However, this is not a strict requirement. Users can always choose to sign in with their local equipme account.

#### Understanding the flow <a href="#understanding-the-flow" id="understanding-the-flow"></a>

The general sequence is straightforward. A user selects the SSO provider on the login page. equipme redirects the browser to the provider. The user signs in there, and the provider returns a signed identity token. equipme validates this token and logs the user in. The identity provider handles authentication, and equipme handles everything that follows.
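
The token-validation and account-matching steps of this sequence, sketched from the relying party's side as an added example (generic OIDC checks, not equipme's own code). The issuer, client ID, user list and case-insensitive email match are constructed assumptions, and HS256 with a shared secret stands in for the RS256/JWKS signature a provider such as Entra ID uses, so that the example runs with the standard library only.

```python
import base64, hashlib, hmac, json, time

ISSUER = "https://idp.example.test"    # constructed issuer
CLIENT_ID = "portal-demo-client"       # constructed client ID (expected audience)
SECRET = b"constructed-demo-secret"    # HS256 stand-in for the provider's signing key
REGISTERED = {"anna@example.test"}     # users already created in the portal (constructed)

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims, key=SECRET):
    """Provider side: sign the claims into a compact JWT (constructed sample)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def handle_callback(token, expected_nonce, now=None):
    """Relying-party side: validate the ID token, then map it to a portal user."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        signature = b64url_decode(sig)
    except ValueError:
        return "reject: malformed token"
    # Pin the algorithm instead of trusting whatever the header announces.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return "reject: unexpected alg"
    good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, signature):
        return "reject: bad signature"
    claims = json.loads(b64url_decode(body))   # parsed only after the signature checks out
    if claims.get("iss") != ISSUER:
        return "reject: wrong issuer"
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        return "reject: wrong audience"
    if claims.get("exp", 0) <= now:
        return "reject: expired"
    if claims.get("nonce") != expected_nonce:  # binds the token to this login attempt
        return "reject: nonce mismatch"
    email = str(claims.get("email", "")).lower()  # assumption: case-insensitive match
    # Authentication only: an unknown email is not provisioned, it falls to registration.
    return f"login: {email}" if email in REGISTERED else "registration: unknown email"
```

The last branch is the case the warning above describes: a valid token for an email that was never created in the portal authenticates successfully but does not land in the company portal.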

From here, you can continue with the detailed articles for Entra ID covering both the login behaviour and the technical data scope.

