> For the complete documentation index, see [llms.txt](https://docs.complycube.com/documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.complycube.com/documentation/access-management/single-sign-on-sso.md).

# Single Sign-On (SSO)

### Overview

ComplyCube allows you to add team members and govern access to our **ComplyCube Web Portal** by easily integrating with your chosen **Identity Provider (IdP)** via **SAML**.

This integration ensures your team members benefit from a single sign-on (SSO) experience. It allows them to access ComplyCube using the same credentials and sign-in interface as your other service providers, enabling a **secure and cohesive user experience**.

Using SSO, your team members will be redirected to your IdP for authentication and authorization. Upon successful access verification, they will be seamlessly redirected back to ComplyCube.

{% hint style="warning" %}
When SSO is enabled, the standard ComplyCube sign-in flow will be disabled for all team members except the **Account Owner**. This safeguard ensures that, if the identity provider (IdP) becomes unavailable, the Account Owner can still access the Portal and deactivate SSO, restoring direct sign-in access for the rest of the team.
{% endhint %}

{% hint style="info" %}
This service is available through our **Enterprise Plan**. Get in touch with your Account Manager or [contact us](https://www.complycube.com/sales) to enable it.
{% endhint %}

### Just-in-Time (JIT) provisioning

ComplyCube supports JIT provisioning, allowing accounts for new team members to be created automatically at first sign-in. By default, all new members are assigned the '[Analyst](https://docs.complycube.com/documentation/guides/roles-and-permissions#user-roles)' role. The **ComplyCube Account Owner** or **Administrators** can later adjust this role through the [team members settings page](https://portal.complycube.com/settings/team).

{% hint style="info" %}
Should the number of **allocated seats** for an account be fully utilized, ComplyCube will stop provisioning new accounts. In such instances, your team member will get a message prompting them to contact their Account Owner.
{% endhint %}

### User roles with SSO

[User roles and permissions](/documentation/access-management/teams-and-user-roles.md) can be set via the [team members settings page](https://portal.complycube.com/settings/team) through the Portal.

### Removing accounts <a href="#removing-end-user-accounts" id="removing-end-user-accounts"></a>

Removing a team member from the IdP will prevent them from being able to sign in to ComplyCube. However, it will not remove their account from ComplyCube. **Accounts must be removed** from the ComplyCube [team members settings page](https://portal.complycube.com/settings/team).

### Requirements for SSO

* Your IdP must support the **SAML 2.0** standard.
* Your IdP must support **SHA256** for signatures.
* You must have **administrative permission** on the IdP.
* You must be an **Account Owner** or **Administrator** on ComplyCube.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.complycube.com/documentation/access-management/single-sign-on-sso.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.