# Single sign-on (SSO)
URL: https://support.starshipit.com/articles/10659444958479-single-sign-on-sso
Updated: 2026-05-07

> Set up Single Sign-On (SSO) to integrate your identity provider with Starshipit for secure, centralised login.

## Why SSO?

Enterprise organisations often have centralised user identity stores and mature processes for managing user access. With our new SSO feature, you can leverage your existing systems, such as Azure Entra ID (formerly Azure AD), Okta, and others, to manage access to our platform. Some of the benefits of using SSO are:

* Full control over user access and security policies, including MFA requirements, password complexity, and access token lifespan.
* Streamlined user onboarding and offboarding processes.
* Enhanced security through centralised management of login events, password resets, and MFA.
* Simplified access management without reliance on third-party support.

## Prerequisites

* You must have users already set up in Starshipit, as your identity provider will map to existing accounts.
* The Starshipit account email must be the same as the email address in your identity provider.

## Set up

To set up Single Sign-On (SSO) with Starshipit, follow the guide below for your Identity Provider (IdP). Each guide covers configuring Starshipit as an application in the IdP and submitting the IdP details to Starshipit.

#### Okta

1. In the Okta dashboard, navigate to **Applications**.
2. Click **Add App**.  
   ![Okta Add App button](/uploads/attachments/sso-okta-add-app.png)
3. Select **OIDC - OpenID Connect** for the Sign-in method.
4. Select **Web Application** for the Application type.
5. Under **Sign-in redirect URIs**, enter the callback URL provided by Starshipit.  
   https://auth.starshipit.com/oidc/{your_tenant_name}/callback  
   Example: https://auth.starshipit.com/oidc/mystore/callback  
   ![Okta Sign-in redirect URIs configuration](/uploads/attachments/sso-okta-redirect-uri.png)
6. Ensure the scopes openid, profile and email are included.
7. Copy the following values from Okta and send them securely to Starshipit:  
   1. **Client ID**
   2. **Client Secret**
   3. **Okta OIDC Issuer URI**
8. Okta provides default claims. If customisation is required, configure these under **Mappings**.
9. Assign users or groups to the application.

#### Auth0

1. In the Auth0 dashboard, navigate to **Applications** > **Create Application**.
2. Select **Regular Web Applications**.
3. Under the **Settings** tab, locate the **Allowed Callback URLs** field.
4. Enter the callback URL in the following format:  
   https://auth.starshipit.com/oidc/{your_tenant_name}/callback  
   Example: https://auth.starshipit.com/oidc/mystore/callback
5. Ensure the scopes openid, profile and email are included.
6. Copy the following values from Auth0 and send them securely to Starshipit:  
   1. **Client ID**
   2. **Client Secret**
   3. **Issuer URI**
7. (Optional) To map additional claims, go to **Rules** or **Actions** and create a rule to modify tokens.
8. Save your settings.

#### Entra ID (Azure Active Directory)

1. In Azure, navigate to **Azure Active Directory** > **App registrations** > **New registration**.
2. Under **Redirect URIs**, enter the callback URL in the following format:  
   https://auth.starshipit.com/oidc/{your_tenant_name}/callback  
   Example: https://auth.starshipit.com/oidc/mystore/callback
3. Choose **Web** as the platform.
4. Ensure the scopes openid, profile and email are included.
5. Copy the following values from Entra ID and send them securely to Starshipit:  
   1. **Client ID**
   2. **Client Secret**  
      To create the application secret:
      1. Go to **Certificates & secrets** > Select **New client secret**.
      2. In the **Description** field, enter a description/label.
      3. Under the **Expires** drop-down field, select a duration.
      4. Click **Add** to create the client secret.
   3. **Issuer URI**
6. (Optional) If you need to customise your claims, configure these under **Token configuration**.
7. Assign users or groups and configure API permissions as required.

#### Other (older identity providers that use SAML and LDAP are not supported)

1. In your Identity Provider (IdP) dashboard, navigate to where you can create/manage applications.
2. Create a new application and select **OIDC** or **OpenID Connect** as the protocol.
3. In the application configuration, locate the **Redirect** or **Callback** URL field.
4. Enter the callback URL in the following format:  
   https://auth.starshipit.com/oidc/{your_tenant_name}/callback  
   Example: https://auth.starshipit.com/oidc/mystore/callback
5. Ensure the scopes openid, profile and email are included.
6. Copy the following values from your identity provider and send them securely to Starshipit:  
   1. **Client ID**
   2. **Client Secret**
   3. **Issuer URI/Authority**
7. (Optional) Map additional claims as needed.
8. Save your settings.
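
A pre-flight check for the values collected in any of the guides above, as an added example that is not Starshipit's code: it confirms the Issuer URI matches the IdP's own OIDC discovery metadata exactly, that the `openid`, `profile` and `email` scopes are advertised, and that the registered redirect URI matches the callback format character for character. The discovery document, `idp.example.com` and the function names are constructed for illustration; in practice you would load the JSON from `<issuer>/.well-known/openid-configuration`.

```python
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "profile", "email"}  # scopes the guide asks for
CALLBACK_FMT = "https://auth.starshipit.com/oidc/{tenant}/callback"  # format from the guide

# Constructed sample of what <issuer>/.well-known/openid-configuration returns.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com/",  # trailing slash is part of the identifier
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/oauth/token",
    "jwks_uri": "https://idp.example.com/.well-known/jwks.json",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}


def check_issuer(issuer_uri, discovery):
    """Return problems with the Issuer URI you are about to hand over."""
    problems = []
    parts = urlsplit(issuer_uri)
    if parts.scheme != "https":
        problems.append("issuer must use https")
    if parts.query or parts.fragment:
        problems.append("issuer must not contain a query or fragment")
    # OIDC Discovery requires the metadata's issuer to equal the URI exactly.
    if discovery.get("issuer") != issuer_uri:
        problems.append(f"issuer mismatch: metadata says {discovery.get('issuer')!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(discovery.get(key, "")).startswith("https://"):
            problems.append(f"{key} missing or not https")
    advertised = discovery.get("scopes_supported")  # optional in the metadata
    if advertised is not None:
        missing = REQUIRED_SCOPES - set(advertised)
        if missing:
            problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    return problems


def check_redirect(registered, tenant):
    """Compare the redirect URI registered at the IdP with the guide's format."""
    expected = CALLBACK_FMT.format(tenant=tenant)
    if registered == expected:
        return []
    if registered.strip().rstrip("/").lower() == expected.lower():
        return [f"near miss (whitespace, trailing slash or case); register {expected}"]
    return [f"does not match {expected}"]


if __name__ == "__main__":
    print(check_issuer("https://idp.example.com", SAMPLE_DISCOVERY))
    print(check_redirect("https://auth.starshipit.com/oidc/mystore/callback/", "mystore"))
```

An empty list from both functions means the Issuer URI and redirect URI are consistent with the IdP metadata and the callback format; `scopes_supported` is optional in discovery metadata, so its absence is not reported as a problem.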

Once the Starshipit team has enabled SSO for your organisation, you can start signing in with SSO via your dedicated login URL, e.g. <https://auth.starshipit.com/oidc/{your_tenant_name}>.

Alternatively, you can use the **Continue with SSO** button on the Starshipit login page and enter {your_tenant_name} in the box when prompted for your SSO domain.

![Continue with SSO button on login page](/uploads/attachments/sso-login-button.png)

:::note
The embedded Shopify app has strict cookie and external authentication provider restrictions. As such, customers wanting to sign in using SSO must use Starshipit in a separate browser tab.
:::
