> ## Documentation Index > Fetch the complete documentation index at: https://docs.envzero.com/llms.txt > Use this file to discover all available pages before exploring further. # Self-Service SSO Integration > Configure enterprise SSO from the env zero interface using SAML 2.0 or Azure Active Directory without support requests, plus optional SCIM 2.0 provisioning. ## Overview Single Sign-On (SSO) allows your organization to manage user authentication through your existing identity provider. This setup improves security posture by enforcing consistent login policies across tools, while also reducing the overhead of user provisioning and access changes. With SSO in place, teams can control access at scale, reduce operational overhead, and meet compliance standards required in enterprise environments. It's also a key building block for Role-Based Access Control (RBAC) and auditability. ### Key Benefits * **Security and Compliance** - Enforce your organization's authentication policies, including multi-factor authentication and password requirements * **Centralized User Management** - Manage user access through your identity provider instead of separate env zero accounts * **Automated Provisioning** - Users are automatically provisioned with appropriate roles when they sign in through SSO * **Audit Trail** - Authentication events are logged in your identity provider for compliance reporting ### What's New: Self-Service Configuration You can now configure SSO directly from the env zero interface without contacting support. This means: * **Immediate setup** - Configure SSO during your initial onboarding without waiting for support tickets * **Full control** - Update SSO settings, domain mappings, and role configurations on your own schedule * **No dependencies** - Make changes without coordination or back-and-forth with support teams Previously, SSO configuration required submitting a support request. With self-service SSO, you have complete control over your authentication setup directly in the UI. ## Supported Authentication Methods env zero supports two authentication methods: * **Azure Active Directory (Microsoft Entra ID)** - OAuth-based authentication for organizations using Microsoft identity services * **SAML 2.0** - Standard protocol compatible with any SAML identity provider (Okta, OneLogin, JumpCloud, and others) ## Prerequisites **Edit Organization Settings permission** is required to configure SSO for your organization. ## Accessing SSO Configuration Go to your organization settings. Click on the **SSO** tab. ## SSO Connection Types Your organization can have one SSO connection configured at a time. You can choose between: * **Azure Active Directory** - OAuth-based authentication with Microsoft Entra ID * **SAML** - SAML 2.0 authentication with any SAML-compatible identity provider SSO connection configuration interface showing options to create Azure AD or SAML connection

SSO connection configuration interface showing options to create Azure AD or SAML connection

## Configuring SSO Click on **Azure AD** or **SAML** to create a new connection, or click on an existing connection to edit it. Fill out the self-service form with the required information. The form includes two steps: * **Single Sign-On** - Configure the SSO application settings * **Domain Configuration** - Set up domain and property mappings Set up the SSO application in your identity provider as expected and configure the necessary property mappings. Self-service SSO configuration form showing Single Sign-On and Domain Configuration steps

Self-service SSO configuration form showing Single Sign-On and Domain Configuration steps

## Setup Guides * [Azure Active Directory Setup](/guides/sso-integrations/self-service-azure-ad) * [SAML Setup](/guides/sso-integrations/self-service-saml) ## Automated User Provisioning (SCIM) Once SSO is configured, you can enable SCIM 2.0 provisioning to automatically sync users and groups from your identity provider. See [SCIM Provisioning](/guides/sso-integrations/scim-provisioning) for setup instructions. ## Advanced Configuration **Switching SSO Types** If you'd like to switch between SAML and Azure AD (or vice versa), please contact us at [support@env0.com](mailto:support@env0.com). For advanced configuration options including team filtering and admin role assignment, see [Sync Roles & Groups From Your IdP](/guides/sso-integrations/importing-roles-or-groups-from-your-identity-provider). ## Editing an Existing Connection To edit an existing SSO connection, navigate to Organization Settings > SSO tab and click on the configured connection. SSO connection configuration interface showing existing connection that can be edited

SSO connection configuration interface showing existing connection that can be edited

## Next steps * [Self-Service SAML Setup](/guides/sso-integrations/self-service-saml) - Configure SAML-based authentication. * [Sync Roles & Groups From Your IdP](/guides/sso-integrations/importing-roles-or-groups-from-your-identity-provider) - Import identity provider roles into env zero. * [SCIM Provisioning](/guides/sso-integrations/scim-provisioning) - Automate user lifecycle management via SCIM.