# Single sign-on (SSO)

Tonic Textual respects the access control policy of your single sign-on (SSO) provider. To access Textual, users must be granted access to the Textual application within your SSO provider.

Self-hosted instances can use any of the available SSO options. Textual Cloud organizations can enable Okta SSO.

To enable SSO, you first complete the required configuration in the SSO provider. You then configure Textual to connect to it. For self-hosted instances, you use Textual environment variables for the configuration. For a Textual Cloud organization, you use the **Single Sign-On** tab on the **Permission Settings** page.

After you enable SSO, users can use SSO to create an account in Textual.

For self-hosted instances, to only allow SSO authentication, set the [environment variable](/textual/textual-install-administer/configuring-textual/textual-env-var-configure.md) `REQUIRE_SSO_AUTH` to `true`. For Textual Cloud, this is configured in the application. When SSO is required, Textual disables standard email/password authentication. All account creation and login are handled through your SSO provider. If multi-factor authentication (MFA) is set up with your SSO provider, then all authentication must go through your provider's MFA.

You can [view the list of SSO groups whose members have logged into Textual](/textual/textual-install-administer/user-access-textual/textual-sso/sso-view-groups.md).

Tonic Textual supports the following SSO providers:

<table data-view="cards"><thead><tr><th></th><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><strong>Azure</strong></td><td>Use Azure to enable SSO on Textual.</td><td></td><td><a href="/pages/9nyonZd4dSqVWMSt4jWB">/pages/9nyonZd4dSqVWMSt4jWB</a></td></tr><tr><td><strong>GitHub</strong></td><td>Use GitHub to enable SSO on Textual.</td><td></td><td><a href="/pages/jWffQFAI5qo03ZBFWz8K">/pages/jWffQFAI5qo03ZBFWz8K</a></td></tr><tr><td><strong>Google</strong></td><td>Use Google to enable SSO on Textual.</td><td></td><td><a href="/pages/1Z5VbDual1LcZ79MC7z6">/pages/1Z5VbDual1LcZ79MC7z6</a></td></tr><tr><td><strong>Keycloak</strong></td><td>Use Keycloak to enable SSO on Textual.</td><td></td><td><a href="/pages/sGUFaYrNsDAf4nYhqY8b">/pages/sGUFaYrNsDAf4nYhqY8b</a></td></tr><tr><td><strong>Okta</strong></td><td>Use Okta to enable SSO on Textual.</td><td>Available for both self-hosted instances and Textual Cloud.</td><td><a href="/pages/9AR0dj4mHFCnCYaC9QvV">/pages/9AR0dj4mHFCnCYaC9QvV</a></td></tr><tr><td><strong>OpenID Connect (OIDC)</strong></td><td>Use OIDC to enable SSO on Textual.</td><td></td><td><a href="/pages/OZYuklhE24olFmokVwOj">/pages/OZYuklhE24olFmokVwOj</a></td></tr></tbody></table>


