# Enabling and configuring SSO on Structural Cloud

{% hint style="info" %}
**Required global permission:** Manage user access to Tonic Structural and to any workspace
{% endhint %}

On Structural Cloud, you enable and configure single sign-on (SSO) from Structural Settings view.

Structural Cloud currently only supports Okta.

## Displaying the SSO configuration <a href="#sso-display-cloud-config" id="sso-display-cloud-config"></a>

To display the SSO configuration options:

1. In the Structural header, click **Structural Settings**.
2. On the **Structural Settings** view, click **Access Management**.
3. On the **Access Management** tab, click **Single Sign-On**.

<figure><img src="https://3378426797-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSQCLFQ4bslJ-HYc8c3%2Fuploads%2F35w4NIgZANVTw70CgFVt%2FCloudSSODisabled.png?alt=media&#x26;token=364bea0c-96ef-422d-a0f5-def8304f03f4" alt=""><figcaption><p>Single Sign-On view on the Access Management tab on Structural Settings with SSO disabled</p></figcaption></figure>

## Enabling and configuring SSO <a href="#sso-cloud-enable-configure" id="sso-cloud-enable-configure"></a>

Before you enable SSO, make sure to complete the required configuration in the SSO provider.

* [Okta configuration](https://docs.tonic.ai/app/admin/tonic-user-access/okta#okta-configuration)
* [OIDC configuration](https://docs.tonic.ai/app/admin/tonic-user-access/oidc#sso-oidc-sso-setup)
* [SAML configuration](https://docs.tonic.ai/app/admin/tonic-user-access/saml#saml-provider-configuration)

### Enabling SSO

To enable SSO:

1. Click **Edit Settings**.
2. Toggle **Enable SSO** to the on position.

<figure><img src="https://3378426797-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LSQCLFQ4bslJ-HYc8c3%2Fuploads%2FI8Ozabq8qtCscMwZtPJO%2FCloudSSOEnabled.png?alt=media&#x26;token=70bdc02e-018f-4564-a2c3-831f6ab8e43f" alt=""><figcaption><p>Single Sign-On view with SSO enabled</p></figcaption></figure>

### Requiring SSO for login

{% hint style="warning" %}
Before you require SSO, after you complete the rest of the connection configuration, log out and then use SSO to log in.

If you require SSO before you use SSO to log in at least once, then you will not be able to log in.
{% endhint %}

By default, users can either:

* Use SSO.
* Use their email address to create an account directly.

You can require users to only use SSO.

**After you complete the connection configuration and then log in with SSO**, to require your users to only use SSO, check the **Require SSO for login** checkbox.

### Selecting the provider and configuring the connection

Click the SSO provider to use, then configure the connection to the SSO provider.

1. [Okta connection](https://docs.tonic.ai/app/admin/tonic-user-access/okta#structural-cloud)
2. [OIDC connection](https://docs.tonic.ai/app/admin/tonic-user-access/oidc#sso-oidc-structural-cloud)
3. [SAML connection](https://docs.tonic.ai/app/admin/tonic-user-access/saml#structural-configuration-structural-cloud)

When you are finished, click **Save**.

## Updating the SSO configuration <a href="#cloud-sso-update" id="cloud-sso-update"></a>

To update the SSO configuration:

1. Click **Edit Settings**.
2. Update the configuration. You can change:
   * Whether SSO is enabled.
   * Whether to require SSO for login.
   * The connection settings for the selected provider.
3. Click **Save**.