# Configure SSO

> Set up Single Sign-On for Meilisearch Cloud to authenticate team members through your identity provider.

Single Sign-On (SSO) allows your [team](/capabilities/teams/overview) members to log into Meilisearch Cloud using your organization's existing identity provider (IdP). Instead of managing separate Meilisearch credentials, users authenticate through a centralized system like Okta, Azure AD, or Google Workspace.

<Note>
  SSO is a Meilisearch Cloud enterprise feature. It is not available on self-hosted instances or non-enterprise Cloud plans.
</Note>

## Supported protocols

Meilisearch Cloud supports **SAML 2.0** for SSO integration. SAML 2.0 is an industry-standard protocol supported by most identity providers, including:

* Okta
* Azure Active Directory (Microsoft Entra ID)
* Google Workspace
* OneLogin
* Auth0
* JumpCloud

## Setup process

### Step 1: Contact the Meilisearch team

SSO configuration requires coordination with the Meilisearch team. Reach out through your enterprise support channel or email [support@meilisearch.com](mailto:support@meilisearch.com) to initiate the setup process.

The Meilisearch team will provide you with:

* The **Assertion Consumer Service (ACS) URL** for your organization
* The **Entity ID** (also called the Audience URI) for Meilisearch
* Any additional SAML attributes required for the integration

### Step 2: Configure your identity provider

In your IdP's admin console, create a new SAML application for Meilisearch Cloud using the values provided by the Meilisearch team:

1. Create a new SAML 2.0 application in your IdP
2. Set the **ACS URL** to the value provided by Meilisearch
3. Set the **Entity ID** to the value provided by Meilisearch
4. Configure the **Name ID format** to `emailAddress`
5. Map the following user attributes:

| SAML attribute | Value                |
| :------------- | :------------------- |
| `email`        | User's email address |
| `firstName`    | User's first name    |
| `lastName`     | User's last name     |

6. Assign the appropriate users or groups to the application

### Step 3: Provide IdP metadata to Meilisearch

After configuring the SAML application, share the following with the Meilisearch team:

* Your **IdP metadata URL** (preferred) or the **IdP metadata XML file**
* The **IdP SSO URL** (the endpoint where Meilisearch sends authentication requests)
* The **IdP certificate** used to sign SAML assertions

The Meilisearch team will complete the configuration on their end and confirm when SSO is active.

### Step 4: Test the SSO login flow

Before rolling out SSO to your entire team:

1. Assign the Meilisearch application in your IdP to a test user
2. Have the test user log in to Meilisearch Cloud using the SSO option
3. Verify they appear in your team members list
4. Confirm they have the correct access level

<Warning>
  Test SSO with a non-admin account first to verify the integration works correctly before rolling it out to your entire team.
</Warning>

## Manage team membership through your IdP

Once SSO is enabled, new team members are automatically provisioned in Meilisearch Cloud when they first log in through your IdP. To manage user access:

* **Add members**: assign the Meilisearch application to new users or groups in your IdP. They are provisioned automatically on their first login.
* **Remove members**: unassign the application from users in your IdP. They will no longer be able to authenticate.
* **Group-based access**: use IdP groups to manage access at scale. All members of an assigned group gain access to your Meilisearch Cloud team.

<Note>
  Role assignment (Owner vs. Member) is still managed within the Meilisearch Cloud dashboard. Your IdP controls who can authenticate, but the Meilisearch dashboard controls their permissions. When a user is first provisioned through SSO, they are assigned the Member role by default. The team owner must manually promote them to Owner if needed.
</Note>

## Next steps

<CardGroup cols={2}>
  <Card title="Manage team roles" href="/capabilities/teams/how_to/manage_team_roles">
    Configure roles and permissions for team members
  </Card>

  <Card title="Teams overview" href="/capabilities/teams/overview">
    Learn more about teams and team management
  </Card>
</CardGroup>
