--- id: cloud/account-management/enterprise-sso title: Enterprise SSO | Cypress Cloud description: >- Configure SSO with Okta, SAML, or Azure AD in Cypress for your Cloud organization. section: cloud source_path: docs/cloud/account-management/enterprise-sso.mdx version: fa8f60eba6ec9a949b75fe9f9f5f6591719cd01f updated_at: '2026-05-05T21:21:10.048Z' --- # Enterprise SSO ##### What you'll learn * How to enable Enterprise SSO for your organization * How to configure SSO with Okta, SAML, or Azure AD ## Getting Started **You need two things to get started:** * A Cypress Cloud account with a [Business or Enterprise paid pricing plans](https://www.cypress.io/pricing) * You must be an **owner** of your Cypress Cloud organization. ## Enable SSO 1. Log in to [Cypress Cloud](https://cloud.cypess.io) and navigate to the **Integrations** page for your organization. 2. Scroll down to the **Enterprise SSO** section. Select your SSO provider and take note of the information provided and required. Keep this window open and continue to the [configuration instructions for your specific SSO provider](#SSO-Provider-Configuration) below. ## SSO Provider Configuration Follow the instructions below for your specific SSO provider. **Smart Card Authentication** For Smart Card implementation, please reach out to support at [support@cypress.io](mailto:support@cypress.io) for assistance. * [Okta](#Okta) * [SAML](#SAML) * [Azure AD](#Azure-AD) ### **Okta** Cypress Cloud can integrate with Okta via SAML. In addition to the documentation below, refer to [Okta's official documentation for setting up a new SAML application.](https://developer.okta.com/docs/guides/saml-application-setup/overview/) 1. Log into your Okta dashboard and head to the **Admin** section. 2. Create a new SAML-based Web application. 3. Supply the following information requested in the Okta setup wizard: * **App name:** `Cypress Cloud` * **App logo:** [Cypress logo download](https://on.cypress.io/logo) * **Single sign on URL:** The URL provided in Cypress Cloud * **Audience URI:** The URI provided in Cypress Cloud * **Attribute statements:** Add the attribute statements described in Cypress Cloud 4. Click **Next** then select **I'm an Okta customer** and click **Finish**. 5. Click the **View Setup Instructions** button in the middle of the page. Cypress Cloud needs the information provided here: * Copy the Identity Provider Single sign-on URL to Cypress Cloud. * Download the certificate and upload that to Cypress Cloud. 6. Navigate to the **Assignments** tab and grant your users access to Cypress Cloud. 7. [Save Configuration](#Save-Configuration). ### **SAML** Cypress Cloud can integrate with your identity provider via SAML. In addition to the documentation below, refer to your provider's official documentation for configuring a SAML integration. 1. Log into the admin interface for your identity provider. 2. Work through the setup wizard supplying the information requested: * **App name:** `Cypress Cloud` * **App logo:** [Cypress logo download](https://on.cypress.io/logo) * **Single sign on URL:** Collect the URL provided by Cypress Cloud * **Audience URI:** Collect the URI provided by Cypress Cloud * Add a custom mapping of **AttributeStatements** with the following: * `User.Email`: User's email * `User.FirstName`: User's first name * `User.LastName`: User's last name 3. Collect the sign-on URL and certificate from your identity provider. Supply that to Cypress Cloud. 4. [Save Configuration](#Save-Configuration). ### **Azure AD** Cypress Cloud can integrate with your identity provider via Azure AD. In addition to the documentation below, refer to the Microsoft Guides for [configuring an application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app). 1. Log into the Azure portal and create a new Application. 2. Work through the application setup, supplying the following information when requested: * **App name:** `Cypress Cloud` * **App logo:** [Cypress logo download](https://on.cypress.io/logo) * **Login URL:** Collect the URL provided by Cypress Cloud 3. Collect the `Client ID` for your application provided in the Application overview page. 4. Go to **Certificates and Secrets** in your Azure Application and create a new secret that does not expire. Copy this newly-created secret and paste it in the `Azure Client Secret` field in Cypress Cloud. 5. Under **API Permissions** in Azure AD, ensure the application has access to **User.Read** permissions 6. Enter the domain used for your Active Directory, as well as the list of SSO domains you wish to allow user to authenticate with, in Cypress Cloud. This is used for SSO discovery from the login screen. 7. [Save Configuration](#Save-Configuration). ## Save Configuration Return to Cypress Cloud and click **Save Configuration**. Cypress Cloud will attempt to authenticate. 🎉 Your integration is now complete! You can invite all of the users in your organization to sign in through your SSO provider. ## Notes * Once SSO is successfully set up, users will need to be invited via your SSO provider, as the Cypress Cloud invitation option will be disabled. * All SSO Users are initially added with the [User Role](/llm/markdown/cloud/account-management/users.md#User-roles) of Member. If a User needs different User Role permissions, this can be changed via Cypress Cloud by a current member with the role of Owner or Admin. * SSO users are separate accounts from Google/GitHub or email/password users. If there are duplicate users, duplicates can be removed by any [Owner or Admin](/llm/markdown/cloud/account-management/users.md#User-roles).