# Single sign-on (SSO)

Configure single sign-on for your organization to allow users to access Comind.work using their existing Microsoft or Google credentials.

## SSO configuration overview[​](#sso-configuration-overview "Direct link to SSO configuration overview")

Enable users to log in to Comind.work using their existing organizational credentials:

* **Single sign-on** - eliminate the need for separate Comind.work passwords
* **Centralized management** - manage user access through your existing identity provider
* **Enhanced security** - leverage your organization's existing security policies
* **User convenience** - reduce password fatigue and login friction

## Option 1: Microsoft Entra ID[​](#option-1-microsoft-entra-id "Direct link to Option 1: Microsoft Entra ID")

Configure SSO using Microsoft Entra ID (formerly Azure Active Directory):

### Registration process[​](#registration-process "Direct link to Registration process")

1. **Access Azure portal** - go to the Microsoft Entra ID application registration portal

2. **Register application** - follow Microsoft's "Adding an application" documentation

3. **Configure URLs** - set up the following URLs for cloud installation:

   <!-- -->

   * **Web app URL**: `https://accounts.comindwork.com`
   * **Return URL**: `https://accounts.comindwork.com/signin-dgoX` (where X is your unique number from Comind.work support)

4. **Enable tokens** - configure token settings for authentication

![Microsoft Entra ID application registration showing redirect URI and token configuration](/assets/images/azure-sso-6432198b8c9971d43864020d3e06371e.png)

### Complete setup[​](#complete-setup "Direct link to Complete setup")

5. **Contact Comind.work support** - send your `Application ID` and `Tenant ID` to enable SSO

## Option 2: Google Workspace[​](#option-2-google-workspace "Direct link to Option 2: Google Workspace")

Configure SSO using Google Workspace (formerly Google Apps):

### Setup process[​](#setup-process "Direct link to Setup process")

1. **Access Google console** - go to <https://console.developers.google.com/apis/credentials>

2. **Create credentials** - select "Create Credentials" > "OAuth client ID"

3. **Configure application**:

   <!-- -->

   * **Application type**: select "Web application"
   * **Name**: provide a name for the app (e.g., "Comind")

4. **Set redirect URI** - add the redirect URI: `https://accounts.comindwork.com/signin-dgoX` (where X is your unique number from Comind.work support)

5. **Create application** - use the "Create" button to finalize setup

6. **Contact Comind.work support** - send your `Client ID` and `Client Secret` to enable SSO

## Testing SSO configuration[​](#testing-sso-configuration "Direct link to Testing SSO configuration")

After completing the setup process:

* **Access login page** - go to the Comind.work login page and enter your email
* **Domain verification** - users with your organization's email domain will see the SSO login option
* **Authentication flow** - users will be redirected to your identity provider for authentication

\[image: Google Workspace OAuth client configuration with redirect URI]

## SSO login flow[​](#sso-login-flow "Direct link to SSO login flow")

When SSO is configured, users enter their email on the Comind.work login page. If the email domain is associated with an SSO-enabled organization, the next screen shows an SSO login button. Users without SSO see a standard password prompt instead.

## Related[​](#related "Direct link to Related")

* [Manage users](/admin-guide/system-admin/manage-users.md) - create and manage user accounts that authenticate through SSO
* [Security overview](/admin-guide/system-admin/security-overview.md) - authentication, authorization, and data protection across the platform