# How do I set up SSO login for my company? Single Sign-On (SSO) enables admins to make the central management of user accounts more efficient. Users can access various services and applications with a single login. This makes password management and access control easier, leading to greater security and efficiency in central account management. In this article, you will learn how to set up the SSO login function for your account. {% hint style="info" %} Here you will find detailed step-by-step instructions on how to configure SAML SSO at [Google](https://help.sipgate.de/hc/de/articles/13533077615517-Wie-richte-ich-SAML-SSO-mit-Google-ein-), [Microsoft](https://help.sipgate.de/hc/de/articles/13692433672349-Wie-richte-ich-SAML-SSO-mit-Microsoft-ein-) and [Okta](https://help.sipgate.de/hc/de/articles/13695565217309) configure. {% endhint %} #### Verify domain As an admin, you can set up SSO for your company. To do this, log in to your sipgate account and proceed as follows: **Account --> Single Sign-on (SSO)**. ![](/files/d4548e0bb292f68973295b7e93aa9ae6044c7d60) In the first step, you need to verify your domain with sipgate. Go to **Add domain**. ![](/files/fc0e903312adc618aa13cc150285d3ac984221d3) Enter the name of your domain and confirm this step with **Start verification**. ![](/files/bd3ea36ed9f0114c4291873bd18eca42bcc19519) For verification, you will receive a key in the form of a **TXT record**. Please enter this at your DNS provider. You will be informed by email about the status of your domain verification. ![sipgate help center SSO4.png](/files/ee9fc7d691f9e624f2ae8a94cbd2f7df5143c1bf) {% hint style="info" %} If you want to verify multiple domains, you can do so right at the beginning. {% endhint %} Domain verification can take **up to 24 hours** to complete. You can track the status of the verification in your account. In addition, you will receive an email notification as soon as the status changes. #### Set up SSO configuration Once your domain has been verified, you can continue with the SSO configuration. The data configured by sipgate (**ACS URL** and **Entity ID**) can be found in the Service Provider data section. Enter this information in your Identity Provider when prompted. In the next step, click **Add data**to set up the SSO configuration. ![sipgate help center SSO7.2.png](/files/c885366d5f4de76c207259e1ab3ccf62124dc219) You can either set up the interface **manually** or use the **XML file upload**function. ![sipgate help center SSO7.1.png](/files/3d62288ce25bf27c36868730207d299217654af0) {% tabs %} {% tab title="manually" %} For manual configuration, please enter your **SSO URL**, your **Entity ID** as well as your **Certificate** and then click on **Save**. You can find this information at your Identity Provider if you want to set up an SSO interface with a service. ![sipgate help center SSO8.png](/files/a717700050d75ff5289a52977bf6c614cd20fe0d) {% endtab %} {% tab title="XML file upload" %} You also have the option of uploading an XML file so that the information is filled in automatically. You can configure this file in your Identity Provider. ![sipgate help center SSO2.1.png](/files/ca1b1d0d90b6e8f5c45a9818790dbc5b88be143c) {% endtab %} {% endtabs %} Once you have successfully completed these steps, the interface between sipgate and your Identity Provider should be set up. You can then activate SSO login via the toggle. ![sipgate help center SSO7.3.png](/files/d4f941cabe41da5ee9f2405fffc24c2016176108) #### Important notes on SSO login ### **What happens if my domain is not verified?** If your domain cannot be verified, the domain must be deleted and entered again for verification. If your domain still cannot be verified, please contact our customer support. ### **What happens if I delete all domains in the SSO area?** If all existing domains have been deleted, the domain setup must be started from the beginning. However, please note that the SSO configuration remains saved and can be used again after the domain has been reverified. ### **What happens if I deactivate the SSO login function?** If you deactivate the SSO login method, web users will log in via other methods, such as login credentials or social login. This change only takes effect when a new login attempt is made by web users. ### **What happens if the certificate was not imported correctly?** In the sipgate Google login, an error message is then shown **400 SAML Error: malformed\_certificate**\ **Solution**: Reinsert the certificate and pay attention to the formatting --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.sipgate.de/cloud-telefonanlage/en/account-management/login/wie-richte-ich-einen-sso-login-fuer-mein-unternehmen-ein.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.