# Logging In with SSO If your organization has configured a Single Sign-On (SSO) identity provider, users can sign in using their existing corporate credentials instead of a separate password. ## How SSO Login Works 1. Navigate to your tenant's login page (e.g., `https://your-company.accessiq.app`) 2. You'll see login options based on your tenant's configuration: * **Email & Password** — Direct login * **Identity Provider buttons** — "Sign in with Okta", "Sign in with Azure", etc. 3. Click your identity provider 4. You'll be redirected to your provider's login page 5. After authenticating, you're redirected back to AccessIQ and signed in ## Supported Identity Providers AccessIQ supports the following SSO providers: * **Okta** * **Azure Entra (formerly Azure AD)** * **Google Workspace** * **Auth0** * **AWS Cognito** * **Ping Identity** * Any provider that supports **SAML 2.0** or **OpenID Connect (OIDC)** ## First-Time SSO Login When a user signs in via SSO for the first time: * Their account is **automatically created** in AccessIQ (Just-In-Time provisioning) * They're assigned a default role (typically "Member") * If they have a pending invitation, the invitation role is applied instead * Their profile information (name, email) is synced from the identity provider ## Signing Out When you sign out of AccessIQ, you'll be signed out of the current session. If you signed in via SSO, you may also be redirected to your identity provider's logout page. ## Troubleshooting | Issue | Solution | | ------------------------------------ | ------------------------------------------------------------ | | No SSO button on login page | Your admin hasn't configured an identity provider yet | | "Authentication failed" after SSO | Contact your admin — the IdP configuration may need updating | | Redirected to wrong page after login | Clear browser cookies and try again | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://accessiq.gitbook.io/accessiq-docs/getting-started/logging-in-with-sso.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.