> ## Documentation Index
> Fetch the complete documentation index at: https://docs.meetjamie.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Single sign-on (SSO)

> Set up SAML 2.0 SSO and domain verification for your Jamie workspace

Single sign-on (SSO) allows your organization to manage authentication centrally through your identity provider (IdP). Jamie supports SAML 2.0, which is compatible with Okta, Microsoft Entra ID, Google Workspace, and any other standard IdP.

Setup has two steps that must be completed in order:

1. **Verify your domain** — proves your organization owns the domain
2. **Configure SAML** — connects your IdP to Jamie

Both are found under **Settings → Security** in the Jamie app.

<Frame>
  <img src="https://mintcdn.com/jamie-9c8bb406/7kqRin4UE2wPWsdv/images/sso-security-settings.png?fit=max&auto=format&n=7kqRin4UE2wPWsdv&q=85&s=5be59b810cf89fdaffd7d97dbebb8f6d" alt="SSO security settings" width="2578" height="1198" data-path="images/sso-security-settings.png" />
</Frame>

## Step 1: Verify your domain

Domain verification must be completed before SAML can be configured.

1. Go to **Settings → Security** in Jamie
2. Click **Configure** next to **Domain Verification Settings**
3. Enter the domain you want to verify (e.g. `example.com`)
4. You'll be given a TXT record to add to your DNS:

<Frame>
  <img src="https://mintcdn.com/jamie-9c8bb406/7kqRin4UE2wPWsdv/images/sso-domain-verification.png?fit=max&auto=format&n=7kqRin4UE2wPWsdv&q=85&s=f412058b9cdabbda44a30bd159317d3b" alt="Domain verification TXT record" width="1694" height="1926" data-path="images/sso-domain-verification.png" />
</Frame>

5. Add the TXT record in your DNS provider (Cloudflare, Route 53, Google Domains, etc.)
6. Once added, verification is automatic — it usually takes under a minute, but can take up to 48 hours if you're updating an existing TXT record

<Tip>
  You can verify multiple domains (e.g. `example.com` and `subsidiary.example.com`) by repeating this step for each one.
</Tip>

## Step 2: Configure SAML

Once your domain is verified:

1. Go to **Settings → Security** in Jamie
2. Click **Configure** next to **SSO-Provider Connection Settings**
3. Select your identity provider and follow the on-screen instructions

<Frame>
  <img src="https://mintcdn.com/jamie-9c8bb406/7kqRin4UE2wPWsdv/images/sso-provider-selection.png?fit=max&auto=format&n=7kqRin4UE2wPWsdv&q=85&s=4a9739925a672614c5a16b9fc16fcc35" alt="SSO provider selection" width="2232" height="1752" data-path="images/sso-provider-selection.png" />
</Frame>

You'll be provided with an **ACS URL** and **Entity ID** to enter in your IdP. The setup wizard includes step-by-step instructions for each supported provider.

### Supported identity providers

* **Okta**
* **Microsoft Entra ID** (Azure AD)
* **Google Workspace**
* **Auth0**
* **ADP**
* **Cloudflare**
* **Custom SAML** — any other SAML 2.0-compliant IdP
* **Custom OIDC**

## After setup

Once SAML is configured, all users signing in with one of your verified domains will be required to authenticate through your IdP. Users who previously signed in with email or social login will be redirected to SSO on their next login.

## SCIM provisioning

Automated user provisioning via SCIM is coming soon — this will let you automatically create, update, and deprovision Jamie accounts directly from your IdP.

## Questions?

If you run into any issues during setup, reach out to your account manager.