> ## Documentation Index
> Fetch the complete documentation index at: https://docs.chronosphere.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Set up single sign-on

If your organization manages user credentials through an identity provider,
you can use either SAML or OIDC to set up single sign-on (SSO) access to the
Chronosphere Telemetry Pipeline web interface.

## SAML authentication

To set up SAML authentication through your identity provider, you must:

* Use the value `CONNECTION_NAME` for your connection name.
* Set the single sign-on URL to `https://sso.calyptia.com/login/callback?connection=CONNECTION_NAME`.
* Set the audience URI or SP entity ID to `urn:auth0:dev-15smjh-e:CONNECTION_NAME`.
* Include the attributes `name`, `email`, and `email_verified` in your SAML assertion:
  * Use the value `user.firstName` for the `name` attribute.
  * Use the value `user.email` for the `email` attribute.
  * Use the value `true` for the `email_verified` attribute.
* Download an X.509 certificate from your identity provider.

After completing these tasks, notify Chronosphere that you've enabled a SAML
connection, and include a copy of your X.509 certificate with your message.

## OIDC authentication

To set up OIDC authentication through your identity provider, you must:

* Set the sign-in redirect URIs to `https://sso.calyptia.com/login/callback` and
  `https://dev-15smjh-e.us.auth0.com/login/callback`.

After completing this task, notify Chronosphere that you've enabled an OIDC connection.