# Configuration in your SSO provider

Before you can enable single sign-on (SSO) in Fabricate, in your SSO provider, you must set up a dedicated app or client for Fabricate.

Fabricate supports any OIDC provider that supports the Authorization Code Flow mode, such as:

* [Okta](https://help.okta.com/oie/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm)
* [Keycloak](https://www.keycloak.org/docs/latest/server_admin/index.html#assembly-managing-clients_server_administration_guide)
* [Microsoft Entra ID](https://learn.microsoft.com/en-us/power-pages/security/authentication/openid-settings) (previously Azure Active Directory). For details on the required configuration in Microsoft Entra ID for Fabricate SSO, go to [Microsoft Entra ID configuration](/fabricate/fabricate-accounts-and-users/managing-account-users/single-sign-on-sso/microsoft-entra-id-configuration.md).
* [Google](https://developers.google.com/identity/openid-connect/openid-connect)
* [Auth0](https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/oidc)

## **URLs for the configuration** <a href="#sso-config-urls" id="sso-config-urls"></a>

The provider configuration includes the following values:

* **Initiation URL -** From your SSO provider dashboard.
* **Sign-in redirect URL -** `https://fabricate.tonic.ai/sso/callback`
* **Sign-out redirect URL -** `https://fabricate.tonic.ai/`

## **Values to note for the Fabricate configuration** <a href="#sso-fabricate-config-values" id="sso-fabricate-config-values"></a>

After you create the app or client, note the following values that are needed to configure the SSO in Fabricate:

* Issuer URL
* Client ID
* Client secret

## **Granting Fabricate access to your SSO users** <a href="#sso-user-fabricate-access" id="sso-user-fabricate-access"></a>

Within your SSO provider, to enable SSO users to join your Fabricate account, you must grant them access to the Fabricate application.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tonic.ai/fabricate/fabricate-accounts-and-users/managing-account-users/single-sign-on-sso/sso-provider-config.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.