# Activate SAML SSO for a Company

This authentication method removes the need to create users manually within a company and lets them sign in with the same credentials they use for other SAML applications. For example, with Microsoft, you can configure it so that all users in your domain can log in to the Shippify dash. Users are created in the system, under specific roles, as they log in to the dash.

<figure><img src="/files/vuMFSSipdqglXRYu5ioj" alt=""><figcaption><p>Sign in with SSO</p></figcaption></figure>

### Configure user roles in your identity provider

Through SAML SSO, you can assign user roles that provide certain permissions in the Shippify account, which also apply to all Shippify APIs. User roles are assigned in the identity provider and transferred to Shippify in the SAML assertion. The available user roles are:

<table data-full-width="true"><thead><tr><th>Role</th><th>Alias role</th><th>Description</th></tr></thead><tbody><tr><td>Super Admin</td><td>super_admin</td><td>Manage all the account options and settings.</td></tr><tr><td>User</td><td>operator</td><td>Allow full task management and editing of profile settings.</td></tr><tr><td>Searcher</td><td>searcher</td><td>Only allowed to perform searches.</td></tr></tbody></table>

Many identity providers use custom attributes and attribute statements for roles. Typically, roles can be assigned to individuals or groups. Refer to your specific IdP documentation for more details.

### Configuration

To complete the initial connection between the identity provider and shippify.co, enter the required information in the [SSO configuration page of your Shippify account](https://dash.shippify.co/settings/sections/integrations/sso/azure).

* **Domain:** Domain of the users' emails.
* **Default user role:** Role that new users will take within Shippify.

<figure><img src="/files/SPwV5CcT7kYIK2aJWFGP" alt=""><figcaption><p>Configuration</p></figcaption></figure>

Click on Next to submit the form. You will be prompted to complete the SAML IdP details.

<figure><img src="/files/RbxTX3CxKUGMh9nX8CIn" alt=""><figcaption><p>Additional configuration</p></figcaption></figure>

* `Identifier` refers to the `Entity ID`, `Issuer`, or `Issuer URL` in your IdP. Copy this value into your IdP.
* `Reply URL` refers to the `Assertion consumer service`. Copy this value into your IdP.
* `Identity Provider logout URL` refers to the `SSO sign-out URL` in your IdP. Copy this value into your IdP.
* `App federation metadata URL`: From your IdP's SSO configuration page, copy the metadata URL to the Shippify configuration page and click Enable SSO to complete the setup.
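
Before enabling SSO, it helps to confirm what your IdP will actually send. The following Python check is an added example, not Shippify code: it reads an assertion captured from your IdP's test tool and reports whether its role values match the aliases in the roles table and whether the user's email falls in the configured domain. The attribute name `role`, the use of `NameID` as the email, and the idea that the alias (not the display name) is the value sent are assumptions; the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Alias values from the roles table on this page.
SHIPPIFY_ROLE_ALIASES = {"super_admin", "operator", "searcher"}

# Constructed sample assertion (unsigned, trimmed), as an IdP test tool might show it.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>ana@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>operator</saml:AttributeValue>
      <saml:AttributeValue>Super Admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_assertion(xml_text, domain, role_attribute="role"):
    """Report the role values and email domain an assertion would present.

    role_attribute is an assumed name; pass the attribute your IdP emits.
    This inspects configuration only; it does not validate signatures.
    """
    # SAML messages never need a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_text)
    # './/' also finds the elements when the assertion is wrapped in a Response.
    name_id = (root.findtext(".//saml:NameID", "", SAML_NS) or "").strip()
    values = [
        (value.text or "").strip()
        for attr in root.iterfind(".//saml:Attribute", SAML_NS)
        if attr.get("Name") == role_attribute
        for value in attr.iterfind("saml:AttributeValue", SAML_NS)
    ]
    return {
        "name_id": name_id,
        "domain_ok": name_id.lower().endswith("@" + domain.lower()),
        "valid_roles": [v for v in values if v in SHIPPIFY_ROLE_ALIASES],
        # Display names such as "Super Admin" are not aliases; flag for review.
        "unrecognized_roles": [v for v in values if v not in SHIPPIFY_ROLE_ALIASES],
    }


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, "example.com"))
```

An empty `valid_roles` list or any entry in `unrecognized_roles` points to a role mapping in the IdP that needs review, particularly for groups mapped to `super_admin`.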


