# Configuration in your SSO provider

Before you can enable single sign-on (SSO) in Fabricate, in your SSO provider, you must set up a dedicated app or client for Fabricate.

Fabricate supports any OIDC provider that supports the Authorization Code Flow mode, such as:

* [Okta](https://help.okta.com/oie/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm)
* [Keycloak](https://www.keycloak.org/docs/latest/server_admin/index.html#assembly-managing-clients_server_administration_guide)
* [Microsoft Entra ID](https://learn.microsoft.com/en-us/power-pages/security/authentication/openid-settings) (previously Azure Active Directory)
* [Google](https://developers.google.com/identity/openid-connect/openid-connect)
* [Auth0](https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/oidc)

## **URLs for the configuration** <a href="#sso-config-urls" id="sso-config-urls"></a>

The provider configuration includes the following values:

* **Initiation URL -** From your SSO provider dashboard.
* **Sign-in redirect URL -** `https://fabricate.tonic.ai/sso/callback`
* **Sign-out redirect URL -** `https://fabricate.tonic.ai/`

## **Values to note for the Fabricate configuration** <a href="#sso-fabricate-config-values" id="sso-fabricate-config-values"></a>

After you create the app or client, note the following values that are needed to configure the SSO in Fabricate:

* Issuer URL
* Client ID
* Client secret

## **Granting Fabricate access to your SSO users** <a href="#sso-user-fabricate-access" id="sso-user-fabricate-access"></a>

Within your SSO provider, to enable SSO users to join your Fabricate account, you must grant them access to the Fabricate application.