# Single sign-on

Bunny supports single sign-on via SAML to enable a more secure and frictionless login experience.

{% hint style="info" %}
Bunny also supports SCIM for automated user provisioning. Follow this SAML setup and then [head over and set up SCIM](https://docs.bunny.com/guide/advanced-guides/scim-user-provisioning).
{% endhint %}

### Step 1 - Configure the identity provider

Log in to your identity provider and add a new SAML application.

{% tabs %}
{% tab title="OneLogin" %}

1. On the Applications tab, click to add a new application.
2. Search for "**SCIM Provisioner w/SAML (SCIM v2 w/OAuth & Scope)**" and select the application with this name.
3. Change the app name to Bunny and then click Save.
4. On the **Configuration** tab, enter the following values (substituting your Bunny subdomain) and click Save.

   \
   **SAML Audience URL**\
   <https://{{subdomain}}.bunny.com/api/authorizations/saml/metadata>\
   \
   **SAML Consumer URL**\
   <https://{{subdomain}}.bunny.com/api/authorizations/saml>\
   \
   **Site**\
   <https://{{subdomain}}.bunny.com>
5. Assign the app to your test user account.

{% hint style="info" %}
Ignore the SCIM-related fields for now. We're only setting up SAML here and will [configure the SCIM fields later](https://docs.bunny.com/guide/advanced-guides/scim-user-provisioning).
{% endhint %}
{% endtab %}

{% tab title="Okta" %}

1. In the Admin section, under Applications, click **Create a new App integration**.
2. Select **SAML 2.0** as the integration type.
3. Name the app "Bunny".
4. Set the following fields:\
   \
   **Single sign-on URL**\
   <https://{{subdomain}}.bunny.com/api/authorizations/saml>\
   \
   **Audience URI (SP Entity ID)**\
   <https://{{subdomain}}.bunny.com/api/authorizations/saml/metadata>
5. Set the **Name ID format** to **EmailAddress**.
6. Set the **Application username** to **Email**.
7. **Save** the application, then scroll down to the **SAML Signing Certificates** section and click **View SAML setup instructions**.
8. Keep the instructions open; you will need them in the next step.

{% endtab %}
{% endtabs %}

### Step 2 - Configure Bunny

The next step is to copy the SAML fields from the identity provider and paste them back into Bunny.

Log in to your Bunny account and select the **Other > Settings** option from the top navigation menu.

<figure><img src="https://1350849115-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MbI5ndB_5fDbdrLXs5c%2Fuploads%2F61M7wyAJTrcRWu5THSdr%2Fcompany%20sso.png?alt=media&#x26;token=599de2aa-7418-41c5-aad5-96e9b43d7c79" alt=""><figcaption><p>Bunny SSO settings</p></figcaption></figure>

* Select the SSO tab.
* Toggle the **Enable** switch to the on position.
* Copy and paste the following fields from your identity provider.

{% tabs %}
{% tab title="OneLogin" %}
Switch to the SSO tab on the application you created in step 1.

| OneLogin field | Bunny field |
| -------------- | ----------- |
| SAML 2.0 Endpoint (HTTP) | Identity Provider Single Sign-On URL |
| Issuer URL | Identity Provider Issuer |
| <p>In the OneLogin application, under <strong>X.509 Certificate</strong>, click <strong>View Details</strong>.<br><br>Then copy the certificate starting with "-----BEGIN CERTIFICATE-----"</p> | X.509 Certificate |

{% endtab %}

{% tab title="Okta" %}
From the SAML setup instructions, copy the following to Bunny:

| Okta field                           | Bunny field                          |
| ------------------------------------ | ------------------------------------ |
| Identity Provider Single Sign-On URL | Identity Provider Single Sign-On URL |
| Identity Provider Issuer             | Identity Provider Issuer             |
| X.509 Certificate                    | X.509 Certificate                    |

{% endtab %}
{% endtabs %}
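
A pre-flight check for the three values pasted in Step 2, as an added example that is not part of Bunny's documentation or code: it flags a non-HTTPS sign-on URL, an empty issuer, and a certificate that lost its BEGIN/END lines or part of its body during copy/paste, and returns the SHA-256 fingerprint to compare against the one your identity provider displays, if it shows one. The function names and sample values are hypothetical; the check is structural only and does not verify the certificate's signature or expiry.

```python
import base64, binascii, hashlib, re
from urllib.parse import urlparse

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_is_single_sequence(der):
    """True if the bytes are exactly one DER SEQUENCE (the outer shape of an X.509 cert)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_sso_fields(sso_url, issuer, cert_pem):
    """Return (problems, sha256_fingerprint or None) for the values pasted into Bunny."""
    problems = []
    url = urlparse(sso_url.strip())
    if url.scheme != "https" or not url.netloc:
        problems.append("Single Sign-On URL is not an absolute https:// URL")
    if not issuer.strip():
        problems.append("Issuer is empty")
    blocks = PEM_RE.findall(cert_pem)
    if len(blocks) != 1:                   # missing BEGIN/END line, or a pasted chain
        problems.append(f"expected one PEM certificate block, found {len(blocks)}")
        return problems, None
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except binascii.Error:
        problems.append("certificate body is not valid base64")
        return problems, None
    if not der_is_single_sequence(der):
        problems.append("certificate is truncated or has trailing data")
        return problems, None
    digest = hashlib.sha256(der).hexdigest().upper()
    return problems, ":".join(digest[i:i + 2] for i in range(0, 64, 2))

# Constructed placeholder with the right outer DER shape; NOT a real certificate.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(FAKE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Hypothetical IdP values; replace with the ones from your identity provider.
    print(check_sso_fields("https://idp.example.com/saml/sso",
                           "https://idp.example.com/issuer", SAMPLE_PEM))
```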

### Step 3 - Test the single sign-on

As a security best practice, there is no backdoor for the Bunny account owner to change SSO settings, which means that if you have not got the configuration right you will not be able to log in.

{% hint style="warning" %}
We recommend that you **test the SSO login in a different browser** so that you can keep your existing Bunny session alive in case any changes need to be made.
{% endhint %}
