# Set up Single Sign-On (SSO) Single Sign-On (SSO) is an authentication method that lets users access multiple applications with one set of credentials, which are stored securely in a centralized cloud directory. This reduces password fatigue, strengthens security, and simplifies login management across your organization. There are several standards for implementing SSO, including Security Assertion Markup Language (SAML), OpenID, and OAuth. Each has its own specifications and is not interchangeable. Databox currently supports the **SAML 2.0** standard. ## Set up Single Sign-On ### Enable or disable SSO 1. Go to **Account Management > Advanced security > Single sign-on**. 2. Switch the toggle at the top to **Enabled** (or back to **Disabled** if you want to turn SSO off). ### Exchange configuration details To complete the setup, you'll need to exchange information between Databox and your Identity Provider (IdP). Databox supports the **Service Provider (SP) initiated flow** by default. The **Identity Provider (IdP) initiated flow** can be enabled on request, though it is [less secure](https://fusionauth.io/docs/lifecycle/authenticate-users/identity-providers/enterprise/samlv2-idp-initiated) and discouraged unless necessary. Service Provider (SP) initiated flow sp-flow Identity Provider (IdP) initiated flow idp-flow To enable the IdP-initiated flow, contact Databox Support via live chat or at [help@databox.com](mailto:help@databox.com). Use the table below to map Databox fields to the terms used by your IdP: | Field name | Synonyms | Provider | Action | | --- | --- | --- | --- | | Callback URL | Assertion Consumer Service (ACS) URL | Databox | Copy from Databox and paste into your IdP. | | Issuer | Entity ID, Audience URI, SP Entity ID | Databox | Copy from Databox and paste into your IdP. | | Metadata URL | Federation Metadata URL, SAML Metadata | Databox | Copy from Databox and paste into your IdP (if required). | | Single Sign-On URL | IdP Login URL, SAML Endpoint, Identity Provider SSO URL | Identity Provider | Copy from IdP and paste into Databox. | | X.509 Certificate | IdP Certificate, Public Key, Signing Certificate | Identity Provider | Copy from IdP and paste into Databox. | | Managed Domain(s) | Domain Restriction, Allowed Domains | You define | Enter domains (e.g., company.com). Only users with matching email domains can log in with SSO. | ### Require Single Sign-On for all users Account administrators can enforce SSO authentication for every user in the account. In agency accounts, this setting applies only to agency account users—client users are not affected. To require SSO for all users: 1. Go to [Account Management > Advanced security > Single sign-on](https://account.databox.com/security/single-sign-on). 2. Switch the **Require SSO for all users** toggle to **Enabled**. 3. Confirm in the pop-up by clicking **Yes**. 4. Click **Save changes**. Enforcing SSO deletes all stored passwords. If SSO is later disabled, users must reset their passwords to log in again. No. Only one Identity Provider can be configured per Databox account, whether it's an Agency Account or a standard account. If you need support for multiple Identity Providers, you can request this feature on the [Roadmap](https://roadmap.databox.com/). No. Service Provider (SP) provisioning is not supported. Users must first be created in Databox before they can authenticate via the IdP. Users are identified by their **email address**. The email address in Databox must match the email stored in the identity provider (IdP) **character for character, including uppercase and lowercase letters**. Databox has a [verified application](https://www.okta.com/integrations/databox/) in the **Okta Integration Network**, making setup simple for Okta users. For other Identity Providers, such as **Azure Active Directory, OneLogin, or Ping Identity**, you can configure Databox manually using the SAML 2.0 standard.   Ask Genie Get instant answers or help with your data using the in-app AI assistant. Talk to an expert For customers: Get help with your setup, strategy, or making the most of Databox. Book a demo New to Databox? See how it works and get guidance on getting started. Send an email Reach out to support for help with your account, data, or technical issues.