# Single Sign-On (SSO) Setting up SSO with ION allows you to provision and de-provision users in ION automatically. Company employees will be able to login to ION for the first time using SSO and that will create a user profile for them with the User role. There, admins can grant them any additional roles. In addition, when a user is de-provisioned from SSO, the user will be deactivated automatically in ION. ## Azure AD ### 1. Open a support ticket and provide your domain information You can set up your organization to sign in to ion using your Azure AD. [Contact](mailto:support@firstresonance.io) First Resonance support with the following information and follow the subsequent steps to confirm your connection. * Your Azure AD Domain address (e.g. firstresonance.onmicrosoft.com) * A list of email domains that should be enabled with login to ION (@acme.com, @acme.io, @acmeindustries.com, etc). Any of the emails with these associated domains will trigger the ION authentication flow to authenticate with your AD. ### 2. Register the application in your AD * In your Azure AD panel, go to **Azure Active Directory** → **App Registrations** → **New Application.** * (Optional) For supported account types, select the domain that you prefer for your Azure AD services * Enter the below line as a Web type for Redirect URI: [`https://firstresonance.auth0.com/login/callback`](https://firstresonance.auth0.com/login/callback) * Take note of the client ID and client secret values * Send the values to the First Resonance support team. ### 3. Confirm credential exchange and test connection Once the support ticket confirms, test your connection by going to the application. Signing in with your provided domains, users should be able to type in their Azure-associated email address and see something similar to this before completing authentication with your Azure AD identity provider; ![Single Sign-On redirect enabled for SSO domains](/files/-MQOJHnA5IuHpJ6v0bl-) ## ADFS ### 1. Open a support ticket Open a support ticket with First Resonance, as described in the Azure AD section above ### 2. Set up ADFS using provided values Follow the instructions for manual set up, per Auth0's documentation here: The values required for First Resonance authentication are as follows: * Realm Identifier: `urn:auth0:firstresonance` * Endpoint: `https://firstresonance.auth0.com/login/callback` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://manual.firstresonance.io/adminstration/administration-and-configuration/single-sign-on-sso.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.