# SAML
{% tabs %}
{% tab title="General configuration" %}
## Configure CISO Assistant with SAML
Once you've retrieved the **IdP Entity ID,** the **Metadata URL** and the **Entity ID** from your provider (see the list of providers for specific details), the configuration on CISO Assistant is pretty simple.
1. Log in into CISO Assistant as an **administrator > Extra > Settings**
2. **Enable SSO**
3. Enter the **Idp Entity ID**
4. Choose the option 1 or 2 depending of your provider and fill **Metadata URL** or **SSO URL**, **SLO URL**, **x509 certificate** retrieved from your provider
5. Check that the **SP Entity ID** is similar to the **Entity/Client ID** specified on your provider
6. And that's it! Don't forget to save changes
7. You should now be able to see the **Login with SSO** button
{% endtab %}
{% tab title="Advanced settings" %}
**Allow single label domains**: This allows you to authenticate through SAML on a single-label domain (e.g. `https://ciso-assistant:8443`). If this is left unchecked, the only host forms allowed are:
* IPv4
* IPv6
* FQDN (e.g. )
* `localhost`
{% endtab %}
{% endtabs %}
{% hint style="warning" %}
Be aware that the user needs to be created on CISO Assistant to be authenticated with SSO.
{% endhint %}
