> ## Documentation Index > Fetch the complete documentation index at: https://docs.tuple.app/llms.txt > Use this file to discover all available pages before exploring further. # OneLogin > How to configure SAML SSO with OneLogin for your Tuple team export const provider_1 = "OneLogin" export const children_0 = undefined export const provider_0 = "OneLogin" This guide walks through configuring SAML SSO with OneLogin as your identity provider. Email addresses in {provider_0} and Tuple must match exactly. For example, `dev+tuple@company.com` does not match `dev@company.com`. Verify your team's email addresses before enabling SSO. After signing in to your OneLogin account, click **Applications > Applications** in the top navigation bar. Add SSO SAML App

In the search field, enter `SAML Test` and select **SAML Test Connector (Advanced)** from the results. Locate App From Search

Fill in any required metadata, upload company logos, and save the new application. SAML Metadata

After saving, click **Configuration** in the left-hand sidebar. Tuple Metadata

Fill in the following fields: **Audience (EntityID)** ``` https://production.tuple.app/users/saml/metadata ``` **Recipient** ``` https://production.tuple.app/users/saml/auth ``` **ACS (Consumer) URL Validator** ``` https:\/\/production.tuple.app\/users\/saml\/auth ``` **ACS (Consumer) URL** ``` https://production.tuple.app/users/saml/auth ``` **Login URL** ``` https://production.tuple.app ``` Navigate to the **Parameters** section in the sidebar and click the plus button to add new fields. Tuple requires three fields in the SSO response: `email`, `first_name`, and `last_name`. Add User Parameters

When adding each field, check the **Include in SAML Assertion** checkbox. Check assertion

Repeat for `first_name` and `last_name`. Adding First Name

Once all required parameters are added, the screen looks like this: All Required Tuple Params

Download your X.509 certificate. Click **SSO** in the sidebar and find the link to **View Details**: View certificate

Click **Download** to save the certificate file. Download certificate

Return to the **SSO** screen and locate the **Issuer URL** and **SAML 2.0 Endpoint (HTTP)**. Entity ID and auth URL

Navigate to the **Settings** tab of the [team management dashboard](https://production.tuple.app/team_management/settings). Only [team owners](/team-management/team-owner-and-managers) can enable SAML. To find out who your team owner is, check [your profile](https://production.tuple.app/profile#team). Under **Sign-in methods**, set **Required Authentication Provider** to **SAML SSO**. The **Update SAML Configuration** form appears: SAML configuration form in Tuple

Fill in the values with your {provider_1} metadata: {children_0} Select the **Email Domain** that SAML should apply to. Only domains with confirmed team members are available. Click **Save as draft**. Your draft is saved as a **Pending Update** alongside your current sign-in method, so no one on your team is affected yet. Pending SAML update showing Test and Publish actions

Pending SAML update showing Test and Publish actions

Click **Test** to verify the configuration end-to-end. Tuple signs you in through {provider_1} so you can confirm that authentication succeeds before the change affects anyone else on your team. Once the test succeeds, click **Publish** to make the configuration live. Active Tuple sessions persist, but new sign-ins are routed through {provider_1}. Use **Edit** to tweak the draft, or **Discard** to throw it away without publishing.