# Setup Single-Sign-On (SSO)

Single Sign-On (SSO) enables your users to authenticate into **Bluebricks** using your organization’s identity provider (IdP). Follow the steps below to complete the configuration.

### Step 1: Configure a Bluebricks Application in Your Identity Provider

In your IdP (e.g., Okta, Azure AD, Google Workspace, OneLogin), create a new application integration for Bluebricks. When prompted, use the following endpoints:

**Redirect URI (Callback URL)**

```
https://auth.bluebricks.co/login/callback
```

**Logout URL**

```
https://auth.bluebricks.co/logout
```

{% hint style="warning" %}
These endpoints must be added exactly as provided to ensure proper OAuth/OIDC flow handling.
{% endhint %}

### Step 2: Provide Your Tenant Credentials to Bluebricks

After completing the application setup, retrieve the **Tenant ID** and **Client Secret** (or equivalent values depending on your IdP).

Share these credentials with the Bluebricks team via a secure channel (e.g., a [one-time secret-sharing service](https://onetimesecret.com/en/)).

#### Additional Assistance

If you need help with your configuration or encounter any issues, contact Bluebricks Support:\
**<support@bluebricks.co>**

## User Auto-Provisioning

When SSO is enabled, users who authenticate through your IdP for the first time are automatically created in Bluebricks; no manual invite is required.

* **Default role**: New auto-provisioned users are assigned the **Deployer** role.
* Admins can change a user's role at any time via [Account Settings > Users](https://app.bluebricks.co/settings?tab=members).

{% hint style="success" %}
SSO auto-provisioning is the recommended approach for onboarding users at scale. It removes the need to invite each user individually and ensures everyone authenticates through your IdP.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://bluebricks.co/docs/organization-and-security/setup-single-sign-on-sso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.